5.4 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.5%
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
marc.info/?l=bugtraq&m=107703591314745&w=2
www.securityfocus.com/bid/9677
exchange.xforce.ibmcloud.com/vulnerabilities/15236