User Enumeration Vulnerability in PHP Jabbers Car Rental Script
CVE-2023-40764

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Car Rental Script
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40764?

A user enumeration vulnerability exists in PHP Jabbers Car Rental Script v3.0 during the password recovery process. This vulnerability arises from inconsistent messages returned to users, which can indicate whether a username is valid. An attacker could exploit this inconsistency to ascertain valid usernames, thereby facilitating brute force attacks against accounts within the system. Mitigation strategies should involve implementing uniform response messages for valid and invalid username attempts, enhancing user authentication security.

References

https://www.phpjabbers.com/car-rental-script/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40764?

References

CVSS V3.1

Timeline