Vulnerability Details CVE-2023-43623
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.8%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2023-43623
- cpe:2.3:a:mendix:forgot_password:-
- cpe:2.3:a:mendix:forgot_password:2.0.0
- cpe:2.3:a:mendix:forgot_password:3.0.0
- cpe:2.3:a:mendix:forgot_password:3.1.0
- cpe:2.3:a:mendix:forgot_password:3.2.0
- cpe:2.3:a:mendix:forgot_password:3.2.1
- cpe:2.3:a:mendix:forgot_password:3.2.2
- cpe:2.3:a:mendix:forgot_password:3.3.0
- cpe:2.3:a:mendix:forgot_password:3.3.2
- cpe:2.3:a:mendix:forgot_password:3.4.0
- cpe:2.3:a:mendix:forgot_password:3.5.1
- cpe:2.3:a:mendix:forgot_password:3.6.0
- cpe:2.3:a:mendix:forgot_password:3.7.0
- cpe:2.3:a:mendix:forgot_password:3.7.1
- cpe:2.3:a:mendix:forgot_password:3.7.2
- cpe:2.3:a:mendix:forgot_password:4.0.0
- cpe:2.3:a:mendix:forgot_password:4.1.0
- cpe:2.3:a:mendix:forgot_password:4.1.1
- cpe:2.3:a:mendix:forgot_password:4.1.2
- cpe:2.3:a:mendix:forgot_password:5.0.0
- cpe:2.3:a:mendix:forgot_password:5.1.0
- cpe:2.3:a:mendix:forgot_password:5.1.1
- cpe:2.3:a:mendix:forgot_password:5.2.0
- cpe:2.3:a:mendix:forgot_password:5.3.0
- cpe:2.3:a:mendix:forgot_password:5.3.1