Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Silverware Games vulnerable to account enumeration via inconsistent responses
Vulnerability Description
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
响应差异性信息暴露
Vulnerability Title
Silverware Games 安全漏洞
Vulnerability Description
Silverware Games是Silverware Games公司的一款游戏。 Silverware Games 1.3.6 版本之前存在安全漏洞,该漏洞源于通过密码重置功能可以猜测用户电子邮箱地址。
CVSS Information
N/A
Vulnerability Type
N/A