CVE-2023-40182: The server responds in a noticeably different amount of time depending on whether a given email address exists or not

Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email address is present in our database or not. This has been fixed in version 1.3.7.

mesosoi / silverwaregames-io-issue-tracker Public


Low

mesosoi published GHSA-9684-6j5x-ccx9

Aug 22, 2023

Package: recovery.php (SilverwareGames.io)

Affected versions: < 1.3.7

Patched versions: 1.3.7

Description

When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email address is present in our database or not. This has been fixed in version 1.3.7.

See also: CVE-2023-40179

Severity: Low, 3.7 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE ID: CVE-2023-40182

Weaknesses: CWE-208
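
One way to remove this kind of timing difference, shown as an added example (not SilverwareGames.io's code, and not necessarily how 1.3.7 fixed it): move the address lookup and code delivery out of the request path so every request does the same work. The user store, queue, function names and 50 ms delay are constructed for illustration; the notice text is the one quoted in the CVE-2023-40179 entry on this page.

```php
<?php
declare(strict_types=1);

// Constructed sample data; every name below is hypothetical.
$users = ['alice@example.test' => ['id' => 1]];
$queue = new SplQueue();   // stands in for a background job queue
const NOTICE = 'If the entered email is associated with an account, a code will be sent now';

// Simulates the slow part of recovery: hashing the code and talking to SMTP.
function slowSend(string $email): void {
    password_hash((string) random_int(100000, 999999), PASSWORD_BCRYPT);
    usleep(50000);
}

// Leaky shape: slow work runs only for known addresses, so response time
// reveals membership even though the response body is identical.
function recoverLeaky(array $users, string $email): string {
    if (isset($users[$email])) { slowSend($email); }
    return NOTICE;
}

// Uniform shape: the request path enqueues one job for every address and
// returns; lookup and delivery happen in the worker, off the timed path.
function recoverUniform(SplQueue $queue, string $email): string {
    $queue->enqueue($email);
    return NOTICE;
}

// Worker: the only place where account existence changes the work done.
function drainQueue(array $users, SplQueue $queue): int {
    $sent = 0;
    while (!$queue->isEmpty()) {
        $email = $queue->dequeue();
        if (isset($users[$email])) { slowSend($email); $sent++; }
    }
    return $sent;
}

// Wall-clock duration of a callable, in milliseconds.
function millis(callable $f): float {
    $t = hrtime(true); $f(); return (hrtime(true) - $t) / 1e6;
}

foreach (['alice@example.test', 'nobody@example.test'] as $e) {
    printf("%-20s leaky %6.1f ms   uniform %6.1f ms\n", $e,
        millis(fn() => recoverLeaky($users, $e)),
        millis(fn() => recoverUniform($queue, $e)));
}
printf("codes sent by worker: %d\n", drainQueue($users, $queue));
```

Running it with the PHP CLI (7.4 or later) prints per-address timings for both handlers, which makes a quick regression check that the known and unknown address take the same time in the request path.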

Related news

CVE-2023-40179: Account enumeration via discrepancies in responses

Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email was associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.
