exploits

  1. Alfa1

    Limit username validation attempts to improve security

    The registration form has a username validation function. it seems this can be abused by attackers to find out what accounts are present on the site. The attacker can run a script to try millions of possible usernames to get a member list. I have recently encountered such attack on my vbulletin...
Top