Vulnerability Description
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kodcloud | Kodbox | 1.46.01 |
Related Weaknesses (CWE)
References
- https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae (Broken Link)
- https://nitipoom-jar.github.io/CVE-2023-48028/ (Exploit)
- https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48028
FAQ
What is CVE-2023-48028?
CVE-2023-48028 is a vulnerability with a CVSS score of 9.8 (CRITICAL). kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially ...
How severe is CVE-2023-48028?
CVE-2023-48028 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-48028?
Check the references section above for vendor advisories and patch information. Affected products include: Kodcloud Kodbox.