CVE-2004-0294
Yabbforumsoftware Yet Another Bulletin Board - Information Disclosure
Title source: ruleDescription
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15236
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107703591314745&w=2
Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9677
Scores
EPSS
0.0242
EPSS Percentile
82.0%
Details
CWE
CWE-203
Status
published
Products (1)
yabbforumsoftware/yet_another_bulletin_board
1.0 sp1.3.1
Published
Nov 23, 2004
Tracked Since
Feb 18, 2026