YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
AV:N/AC:L/Au:N/C:P/I:N/A:N
23/11/2004
by Yabb
4 years ago
by Yabbforumsoftware
19 years ago