CVE-2023-48028
 
Metric | Value | Source |
---|---|---|
Severity Score | 9.8 | CVSS v3.1 |
Exploit Likelihood | | EPSS |
Affected Versions | | CPE |
Public Exploits | 2 | Multiple Sources |
Exploited in Wild | - | KEV |
Decision | Attend | SSVC |
Descriptions
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-13 CVE Reserved
- 2023-11-16 First Exploit
- 2023-11-17 CVE Published
- 2024-08-29 CVE Updated
- 2024-12-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae | Broken Link |
URL | Date | SRC |
---|---|---|
https://github.com/nitipoom-jar/CVE-2023-48028 | 2023-11-16 | |
https://nitipoom-jar.github.io/CVE-2023-48028 | 2024-08-29 | |