Описание
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:password_recovery_project:password_recovery:1.2:*:*:*:*:roundcube:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204
CWE-203
Связанные уязвимости
CVSS3: 5.3
github
больше 2 лет назад
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.
EPSS
Процентиль: 23%
0.00077
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-204
CWE-203