User Enumeration in PHPJabbers Ticket Support Script by PHPJabbers
CVE-2023-40766

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Ticket Support Script
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40766?

The Ticket Support Script by PHPJabbers, specifically version 3.2, is susceptible to a user enumeration vulnerability during the password recovery process. An attacker can exploit the system by analyzing differing messages returned for valid and invalid users. This discrepancy allows the potential for initiating targeted brute force attacks on valid user accounts, magnifying the risk of unauthorized access. It is crucial for users of this script to implement mitigative measures to safeguard against such exposure.

References

https://www.phpjabbers.com/ticket-support-script/

https://medium.com/%40mfortinsec/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

PHPjabbers

What is CVE-2023-40766?

References

CVSS V3.1

Timeline