CVE DATABASE / CVE-2004-0294
CVE-2004-0294
CVSS 5 · MEDIUM
Summary
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
CVSS 2.0 breakdown
| Base score | 5 (MEDIUM) |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | NONE |
| Availability | NONE |
Weakness type (CWE)
Affected products
Yabbforumsoftware yet another bulletin board
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://marc.info/?l=bugtraq&m=107703591314745&w=2
- http://www.securityfocus.com/bid/9677
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15236
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.