The password reset feature in Movable Type prior to 3.2 generates different error messages depending on whether a user exists or not, which allows remote malicious users to determine valid usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
six apart movable type 3.17 |