CVE-2023-48028

Published: Nov 18, 2023Modified: Sep 29, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

Affected (1)

Products: Kodcloud: Kodbox

Kodcloud

1 product

Kodbox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kodcloud Kodbox	Version 1.46.01

Related CWEs

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (5)

https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae

Source: cve@mitre.org

Broken Link

https://nitipoom-jar.github.io/CVE-2023-48028/

Source: cve@mitre.org

Exploit

https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48028

Source: cve@mitre.org

https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://nitipoom-jar.github.io/CVE-2023-48028/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.