CVE-2023-38871 Information

Description

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid and when it’s not. This may allow an attacker to determine whether a user or email address is valid or brute force valid usernames and email addresses.

Reference

https://github.com/gugoan/economizzer https://www.economizzer.org https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38871