Vulnerability Description
Wekan version 1.04.0 contains an Email / Username Enumeration vulnerability in the 'Register' and 'Forgot your password?' pages that can allow a remote attacker to perform a brute force attack to obtain valid usernames and email addresses. This attack appears to be exploitable via HTTP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | 1.04.0 |
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/
- https://shadow-vault.com/wekan.html (Third Party Advisory)
- https://wekan.github.io/hall-of-fame/brutebleed/
FAQ
What is CVE-2018-1000549?
CVE-2018-1000549 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Wekan version 1.04.0 contains an Email / Username Enumeration vulnerability in the 'Register' and 'Forgot your password?' pages that can allow a remote attacker to perform a brute force attack to obt...
How severe is CVE-2018-1000549?
CVE-2018-1000549 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-1000549?
Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.