CVE-2023-48028

CRITICAL

kodbox 1.46.01 - User Enumeration via Login Page Response Messages

Title source: llm

Description

kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

References (3)

Core 3

Core References

Various Sources

https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48028

Broken Link

https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae

Exploit

https://nitipoom-jar.github.io/CVE-2023-48028/

Scores

CVSS v3 9.8

EPSS 0.0111

EPSS Percentile 61.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-307

Status published

Products (1)

kodcloud/kodbox 1.46.01

Published Nov 18, 2023

Tracked Since Feb 18, 2026