2023-09-28 00:00:00
mitre
PUBLISHED
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when its not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.