How severe is CVE-2023-40179?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-40179?

This is classified as CWE-204, which is a common weakness in software security.

CVE-2023-40179 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.

Related Vulnerabilities

CVE-2016-9499

MEDIUM

CVSS:5.3(Medium)

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts an...

CWE-2042016

CVE-2019-19030

MEDIUM

CVSS:5.3(Medium)

Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.

CWE-2042019

CVE-2021-20556

MEDIUM

CVSS:5.3(Medium)

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.

CWE-2042021

CVE-2021-36201

MEDIUM

CVSS:5.3(Medium)

Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions.

CWE-2042021

CVE-2021-38476

MEDIUM

CVSS:5.3(Medium)

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate differe...

CWE-2042021

CVE-2021-39189

MEDIUM

CVSS:5.3(Medium)

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in versio...

CWE-2042021