CVE Catalog

CVE-2023-40182

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile — higher than 24% of all known CVEs

Summary

In the password recovery form of Silverware Games, the response time varies depending on whether the specified email address exists in the database. This issue has been fixed in version 1.3.7.

Risk Assessment

Differences in response time may allow attackers to confirm the existence of an email account in the system, increasing the risk of brute force attacks.

Recommendation

It is recommended to upgrade to version 1.3.7 to eliminate this vulnerability and minimize the risk associated with user information disclosure.

Original NVD description (English source)

Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS