Vulnerabilities > CVE-2004-0294 - Information Exposure Through Discrepancy vulnerability in Yabbforumsoftware YET Another Bulletin Board 1.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

yabbforumsoftware

CWE-203

NVD

Published: 2004-11-23

Updated: 2024-02-14

Summary

YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.

Vulnerable Configurations

Part	Description	Count
Application	Yabbforumsoftware Yabbforumsoftware YET Another Bulletin Board 1.0	1

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

http://www.securityfocus.com/bid/9677
http://marc.info/?l=bugtraq&m=107703591314745&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15236