CVE-2023-38871
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when itโs not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses.
Source: CVE-2023-38871