openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote malicious users to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open webmail open webmail 1.7 |
||
open webmail open webmail 1.71 |