CVE-2004-0294

2004-03-1805:00:00

mitre

www.cve.org

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.5%

JSON

YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.

References

marc.info/?l=bugtraq&m=107703591314745&w=2

www.securityfocus.com/bid/9677

exchange.xforce.ibmcloud.com/vulnerabilities/15236