We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-40179

Silverware Games vulnerable to account enumeration via inconsistent responses



Description

Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.

Reserved 2023-08-09 | Published 2023-08-25 | Updated 2024-10-02 | Assigner GitHub_M


MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-204: Observable Response Discrepancy

Product status

< 1.3.6
affected

References

github.com/...racker/security/advisories/GHSA-789j-chfj-58hr

cve.org (CVE-2023-40179)

nvd.nist.gov (CVE-2023-40179)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-40179

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.