YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote malicious users to identify valid users and conduct a brute force password guessing attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yabbforumsoftware yet another bulletin board 1.0 |