YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/15236http://marc.info/?l=bugtraq&m=107703591314745&w=2http://www.securityfocus.com/bid/9677
