User Enumeration Vulnerability in PHP Jabbers Car Rental Script
CVE-2023-40764

9.8 CRITICAL

Key Information:

Vendor: PHPjabbers
CVE Published: 28 August 2023

Summary

A user enumeration vulnerability exists in PHP Jabbers Car Rental Script v3.0 in the password recovery process. The application returns different messages depending on whether the submitted username exists, so the response itself reveals whether a username is valid. An attacker can use this difference to compile a list of valid usernames, which makes subsequent brute force attacks against those accounts easier. Mitigation should consist of returning the same response for valid and invalid usernames, so that the password recovery step no longer discloses account existence.
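The defect and its fix in miniature, as an added example that is not code from the PHP Jabbers product: a password-recovery responder that leaks account existence through its message, beside one that answers identically either way, plus a regression check that flags the difference. The user store, the mailer stub and the usernames are constructed for the example.

```python
import secrets

# Constructed sample user store (hypothetical): username -> recovery e-mail.
USERS = {"alice": "alice@example.org", "bob": "bob@example.org"}

SENT = []  # records outgoing recovery mail so the side effect can be checked


def send_recovery_email(address: str) -> None:
    """Stand-in for the real mailer: generates a random token and logs the send."""
    SENT.append((address, secrets.token_urlsafe(32)))


def recover_vulnerable(username: str) -> str:
    """The pattern behind CVE-2023-40764: the reply states whether the username exists."""
    if username not in USERS:
        return "Error: no user with that username."
    send_recovery_email(USERS[username])
    return "A recovery email has been sent."


def recover_uniform(username: str) -> str:
    """Same message whether or not the username exists.

    Only the side effect (mail to the real owner) differs, and the requester
    cannot observe it. A deployed version should also keep the HTTP status,
    response timing and rate-limit behaviour identical for both branches.
    """
    address = USERS.get(username)
    if address is not None:
        send_recovery_email(address)
    return "If that account exists, a recovery email has been sent."


def leaks_existence(handler, known: str, unknown: str) -> bool:
    """Regression check: True if the handler's replies distinguish a valid from an invalid username."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    for handler in (recover_vulnerable, recover_uniform):
        print(handler.__name__, "leaks existence:",
              leaks_existence(handler, "alice", "mallory"))
```

The `leaks_existence` check belongs in the test suite of any password-recovery or login endpoint, so a later change that reintroduces a distinguishable message fails the build.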

CVSS v3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published: 28 August 2023
  • Vulnerability reserved