CVE-2018-1000549
MEDIUM
Wekan 1.04.0 - Email and Username Enumeration via Register and Forgot Password Pages
Title source: llm
Description
Wekan version 1.04.0 contains an Email / Username Enumeration vulnerability in the 'Register' and 'Forgot your password?' pages that can allow a remote attacker to perform a brute force attack to obtain valid usernames and email addresses. This attack appears to be exploitable via HTTP request.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://shadow-vault.com/wekan.html
Various Sources x_refsource_misc
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2018/1000xxx/CVE-2018-1000549.json
Various Sources x_refsource_misc
https://wekan.github.io/hall-of-fame/brutebleed/
Scores
CVSS v3: 5.3
EPSS: 0.0130
EPSS Percentile: 66.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (1): wekan_project/wekan 1.04.0
Published: Jun 26, 2018
Tracked Since: Feb 18, 2026