Home > Vulnerability Database > WS-2022-0416

Mend.io Vulnerability Database

WS-2022-0416

Good to know:

Date: November 5, 2022

User enumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system. The malicious actor is looking for differences in the server's response based on the validity of submitted credentials. The differences can be inside the response body, response headers or sometimes, in the response delay. In your application, user enumeration occurs when a user requests a password reset.

Language: PHP

Severity Score

8.2

Related Resources (2)

Url: https://github.com/froxlor/froxlor/commit/4d454a39034b72c2d79ddabc3f719aa98af4b6ed

Url: https://www.mend.io/vulnerability-database/WS-2022-0416

Severity Score

8.2

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version froxlor/froxlor - dev-plugin-feature;froxlor/froxlor - 0.10.x-dev;froxlor/froxlor - dev-dependabot/npm_and_yarn/postcss-8.4.31;froxlor/froxlor - 0.10.28;froxlor/froxlor - 0.10.30;froxlor/froxlor - dev-feature-backup;froxlor/froxlor - 0.10.24;froxlor/froxlor - dev-main;froxlor/froxlor - 0.10.38.3

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2022-0416

Good to know:

Date: November 5, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?