Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User enumeration vulnerability in Roundcube Password Recovery Plugin
Vulnerability Description
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
响应差异性信息暴露
Vulnerability Title
Roundcube Password Recovery plugin 安全漏洞
Vulnerability Description
Roundcube Webmail是一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Password Recovery plugin 1.2版本存在安全漏洞,该漏洞源于存在用户枚举漏洞,可能允许远程攻击者针对密码恢复功能创建测试脚本以枚举数据库中的所有用户。
CVSS Information
N/A
Vulnerability Type
N/A