IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. At
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Att
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to
Due to improper authentication mechanism an unauthenticated remote attacker can enumerate valid usernames.
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames t
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attack
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device.
This vul
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_s
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access atte
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames.
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vul
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for v
There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application r
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.
IBM Control Center 6.2.1 and 6.3.1
could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid
Page 1+ Next →