Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open WebMail用户名远程信息泄露漏洞
Vulnerability Description
Open Webmail是一款免费开放源代码WEB EMAIL应用程序,可使用于Unix和Linux操作系统。 Open Webmail在验证过程中返回过多提示信息,远程攻击者可以利用这些信息进行用户名枚举等其他攻击。 在Open Webmail在验证过程中,如果用户输入某一不存在用户名,Open Webmail会返回如下错误信息: --- Open WebMail ERROR user does not exist Open WebMail version 1.71 --- 利用此错误信息,攻击者可以通
CVSS Information
N/A
Vulnerability Type
N/A