The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an malicious user to determine whether a user or email address is valid, or brute force valid usernames and email addresses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
economizzer economizzer april_2023 |
||
economizzer economizzer 0.9 |