User Enumeration in Sign in page #2346
Comments
@FrederickChan @RobiNN1 any updates on this?
Hi @RobiNN1, can I raise a CVE request for this now? Thanks,
I don't care about CVE but do what you want. It's already fixed.
@oosman-rak I really hope you guys do not run penetration tests on our live sites. We had huge traffic spikes in January, on demos to be specific.
Hi @JoakimFalk,
Hi!
Describe the bug
It was observed that the login page of php-fusion threw different messages upon different username entries. This shows that the product is vulnerable to a user enumeration vulnerability.
Version
PHP-Fusion latest version 9.03.90.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Display a common message for any combination of wrong username/password.
Screenshots
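The expected behavior described in this report, shown as an added example that is not PHP-Fusion's code or its actual fix: a login check that answers differently for unknown names, beside one that returns a single message for every failure. The function names, messages and sample user store are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample user store (hypothetical; stands in for the users table).
function sample_users(): array {
    return ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// Before: the response reveals whether the user name exists.
// The two failure messages are hypothetical, not quoted from the product.
function login_enumerable(array $users, string $name, string $pass): string {
    if (!isset($users[$name])) {
        return 'Unknown user name.';
    }
    return password_verify($pass, $users[$name]) ? 'OK' : 'Incorrect password.';
}

// After: one message for every failure. A hash check always runs, against a
// dummy hash when the name is unknown, so unknown names do not come back
// noticeably faster than known ones.
function login_uniform(array $users, string $name, string $pass): string {
    static $dummy = null;
    $dummy ??= password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

    $known = isset($users[$name]);
    $hash  = $known ? $users[$name] : $dummy;

    // password_verify() is evaluated first on purpose; $known only gates the result.
    $ok = password_verify($pass, $hash) && $known;
    return $ok ? 'OK' : 'Invalid user name or password.';
}

// Compare both variants on a wrong password, an unknown name and a valid login.
$users = sample_users();
$attempts = [['alice', 'wrong'], ['nobody', 'wrong'], ['alice', 'correct horse']];
foreach ($attempts as [$name, $pass]) {
    printf(
        "%-7s enumerable: %-20s uniform: %s\n",
        $name,
        login_enumerable($users, $name, $pass),
        login_uniform($users, $name, $pass)
    );
}
```

The same uniform wording needs to apply to any other response that takes a user name, such as password reset and registration, or the difference simply moves there.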