User Account Enumeration Vulnerability in HumHub Social Network Kit Enterprise v1.3.13

User Account Enumeration Vulnerability in HumHub Social Network Kit Enterprise v1.3.13

CVE-2019-12743 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.

Learn more about our Network Penetration Testing.