Publish Date: Oct. 23, 2018
SummaryWe've identified and fixed a vulnerability in the Spiceworks Community that could allow an attacker to determine if a Spiceworks Community account exists for a specific email address.
Who’s Affected?At this time we do not believe anyone was affected by this vulnerability.
DetailsWhen re-sending email verification emails through the Spiceworks Community, the system would have multiple messages depending on whether the email address has been registered but not verified, verified, or not registered. An attacker could use these responses to determine if an email address has a Spiceworks Community profile associated with it. This could allow for a targeted attack on a Community profile.
Mitigating FactorsTo exploit this vulnerability, the attacker would have to know the email address to check and would...