User Enumeration Vulnerability in PHPJabbers Event Booking Calendar
CVE-2023-40765
9.8CRITICAL
What is CVE-2023-40765?
The Event Booking Calendar version 4.0 from PHPJabbers contains a user enumeration vulnerability that arises during the password recovery process. This flaw allows attackers to differentiate between valid and invalid usernames based on the varying responses generated during recovery attempts. The implications of this vulnerability are significant, as it can facilitate targeted brute force attacks against accounts of valid users.