CVE-2023-3221 Information

Description

User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-roundcube-password-recovery-plugin