CVE-2020-28208 - Information Exposure Through Discrepancy vulnerability in Rocket.Chat
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Summary
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
References
- http://packetstormsecurity.com/files/160845/Rocket.Chat-3.7.1-Email-Address-Enumeration.html
- http://seclists.org/fulldisclosure/2021/Jan/32
- http://seclists.org/fulldisclosure/2021/Jan/43
- http://www.openwall.com/lists/oss-security/2021/01/07/1
- http://www.openwall.com/lists/oss-security/2021/01/08/1
- http://www.openwall.com/lists/oss-security/2021/01/13/1
- https://trovent.github.io/security-advisories/TRSA-2010-01/TRSA-2010-01.txt
- https://trovent.io/security-advisory-2010-01