CVE-2022-0564: CWE-204: Observable Response Discrepancy in Qlik Sense Enterprise on Windows
A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system and comparing the response times returned by the system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. The affected URI is /internal_forms_authentication/; the form's response time is longer if the supplied user does not exist and shorter if the user exists.
AI Analysis
Technical Summary
CVE-2022-0564 is a vulnerability in Qlik Sense Enterprise on Windows, affecting version 14.x when LDAP authentication is configured. It arises from an observable response discrepancy in the authentication handler at /internal_forms_authentication/: the endpoint rejects a login for a non-existent user measurably more slowly than a login for an existing user with a wrong password. An unauthenticated remote attacker can therefore submit authentication requests for a list of candidate usernames, measure the response time of each, and sort the candidates into valid and invalid domain accounts. Because the difference is in latency rather than in the response body, a single request is not enough; an attacker takes several samples per candidate and compares them against a baseline taken with a username that is known not to exist. The weakness is classified as CWE-204 (Observable Response Discrepancy), which covers any externally observable difference between responses to valid and invalid input; here the observable is timing. No public exploit has been reported and no vendor fix is linked on this page, so remediation depends on vendor updates or on configuration changes that remove the discrepancy or limit who can reach the endpoint. No user interaction or prior authentication is required, but the impact is confined to username enumeration: the flaw does not by itself disclose credentials, escalate privileges or execute code. Its value to an attacker is as reconnaissance for password spraying, phishing and other targeted attacks against the accounts it confirms.
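The following is an added illustration, not Qlik's code and not an exploit for the product. It models the reported behaviour with a stand-in login function (the user list, the two delays and the padding floor are constructed assumptions), shows how an enumerator separates existing from non-existent usernames by comparing median latencies against a known-invalid baseline, and shows the padding fix that removes the discrepancy: holding every response to a fixed floor that is longer than the slowest legitimate path.

```python
import secrets
import statistics
import time

# Constructed stand-in for an LDAP-backed login handler. The users and delays
# are assumptions chosen to reproduce the reported pattern: an existing user
# with a wrong password is rejected quickly, a missing user takes longer.
KNOWN_USERS = {"alice", "bob"}
EXISTING_USER_COST = 0.002   # seconds: user found, password check fails fast
MISSING_USER_COST = 0.040    # seconds: slower failure path for an absent user


def vulnerable_login(username: str, password: str) -> bool:
    """Mimics the discrepancy: a missing user takes longer to reject."""
    if username in KNOWN_USERS:
        time.sleep(EXISTING_USER_COST)
    else:
        time.sleep(MISSING_USER_COST)
    return False  # wrong password either way


# The floor must exceed the slowest legitimate path, otherwise the slow path
# still pokes through and the leak returns.
PADDED_FLOOR = 0.060  # seconds (assumed value for the illustration)


def hardened_login(username: str, password: str) -> bool:
    """Same backend, but every response is held to PADDED_FLOOR, so whether the
    user exists no longer shows up in the latency."""
    start = time.perf_counter()
    result = vulnerable_login(username, password)
    remaining = PADDED_FLOOR - (time.perf_counter() - start)
    if remaining > 0:
        time.sleep(remaining)
    return result


def median_latency(login, username: str, samples: int = 5) -> float:
    """Median of `samples` timed calls; the median resists one-off jitter."""
    times = []
    for _ in range(samples):
        start = time.perf_counter()
        login(username, "not-the-password")
        times.append(time.perf_counter() - start)
    return statistics.median(times)


def classify(latency: float, baseline: float, ratio: float = 0.5) -> str:
    """Compare a candidate's latency with the known-invalid baseline.
    Clearly faster than the baseline means the user exists; anything else
    is reported as unknown rather than guessed."""
    return "exists" if latency < baseline * ratio else "unknown"


def enumerate_users(login, candidates, samples: int = 5) -> dict:
    """Classify each candidate username by timing alone."""
    # A random 24-hex-character username is assumed not to exist; its latency
    # is the baseline for "user does not exist".
    baseline = median_latency(login, secrets.token_hex(12), samples)
    return {
        name: classify(median_latency(login, name, samples), baseline)
        for name in candidates
    }


if __name__ == "__main__":
    names = ["alice", "mallory", "bob", "trent"]
    print("vulnerable:", enumerate_users(vulnerable_login, names))
    print("hardened:  ", enumerate_users(hardened_login, names))
```

Against vulnerable_login the enumerator reports alice and bob as existing and the others as unknown; against hardened_login every name comes back unknown because all responses cluster at the floor. Padding only fixes the timing channel: the response body and status code must also be identical for both cases, or the discrepancy simply moves from CWE-204's timing form to its content form.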
Potential Impact
For European organizations using Qlik Sense Enterprise on Windows version 14.x with LDAP authentication enabled, this vulnerability poses a moderate risk. The ability to enumerate valid domain user accounts can facilitate reconnaissance activities by threat actors, enabling more efficient password guessing, phishing, or targeted attacks against identified users. This can lead to compromised credentials, unauthorized access, and potential lateral movement within corporate networks. Organizations in sectors with high-value data or critical infrastructure may face increased risk if attackers leverage this information to escalate attacks. While the vulnerability does not directly compromise system integrity or availability, the information disclosure can be a stepping stone for more severe intrusions. Given the widespread use of Qlik Sense in data analytics and business intelligence across Europe, especially in finance, manufacturing, and public sectors, the threat could have significant operational and reputational consequences if exploited.
Mitigation Recommendations
Start by confirming whether LDAP authentication is enabled on Qlik Sense Enterprise 14.x deployments; installations without LDAP are not affected. Where it is enabled, apply any vendor update that addresses the issue as soon as it is available. Until then, reduce exposure rather than rely on detection alone: restrict reach to the /internal_forms_authentication/ endpoint to trusted networks through network segmentation or firewall rules, and weigh disabling LDAP authentication temporarily if the deployment can tolerate it. Apply rate limiting on the authentication endpoint so that working through a large candidate list becomes slow and noisy. Note that a WAF cannot observe the timing discrepancy itself; what a WAF and your monitoring can observe is the pattern enumeration produces: many failed logins for many distinct usernames from one source in a short window, which differs from a legitimate user retrying a single account. Log authentication failures with source address and attempted username and alert on that pattern. Finally, because the information disclosed is only a list of valid accounts, enforce multi-factor authentication and keep users alert to phishing so that a confirmed username alone is not enough to gain access.
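Detection logic for the pattern described above, as an added example that is not part of the original advisory or of Qlik's tooling. The event lines are constructed in a generic shape (timestamp, source address, username, outcome); Qlik's own log format is not reproduced here, so map your proxy or audit log fields onto those four before feeding them in. A source is flagged once it has failed logins for at least min_distinct different usernames inside the window; a user repeatedly mistyping one password is not counted as distinct and does not trigger.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: one legitimate user retrying, one source cycling
# through usernames, and a late single failure outside the window.
SAMPLE_EVENTS = """\
2024-03-01T10:00:00Z 198.51.100.12 alice FAIL
2024-03-01T10:00:04Z 198.51.100.12 alice FAIL
2024-03-01T10:00:09Z 198.51.100.12 alice OK
2024-03-01T10:01:00Z 203.0.113.7 alice FAIL
2024-03-01T10:01:00Z 203.0.113.7 asmith FAIL
2024-03-01T10:01:01Z 203.0.113.7 bob FAIL
2024-03-01T10:01:01Z 203.0.113.7 bjones FAIL
2024-03-01T10:01:02Z 203.0.113.7 carol FAIL
2024-03-01T10:01:02Z 203.0.113.7 dave FAIL
2024-03-01T10:01:03Z 203.0.113.7 erin FAIL
2024-03-01T10:30:00Z 203.0.113.7 frank FAIL
""".splitlines()


def parse_event(line: str):
    """Split one constructed event line into (timestamp, src_ip, user, outcome)."""
    ts, src, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, outcome


def detect_enumeration(lines, window=timedelta(minutes=5), min_distinct=5):
    """Return [(timestamp, src_ip, sorted distinct usernames)] for each burst in
    which one source fails logins for >= min_distinct different usernames
    within `window`. Fires once when the threshold is crossed, not on every
    subsequent failure, and fires again only after the window has drained."""
    recent = defaultdict(deque)   # src_ip -> deque of (timestamp, username)
    last_count = {}               # src_ip -> distinct count at previous event
    alerts = []
    for ts, src, user, outcome in map(parse_event, lines):
        if outcome != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        # Drop failures older than the window; events are assumed time-ordered.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {u for _, u in q}
        prev = last_count.get(src, 0)
        if len(distinct) >= min_distinct > prev:
            alerts.append((ts, src, sorted(distinct)))
        last_count[src] = len(distinct)
    return alerts


if __name__ == "__main__":
    for ts, src, users in detect_enumeration(SAMPLE_EVENTS):
        print(f"{ts.isoformat()} possible user enumeration from {src}: {users}")
```

With the sample events only 203.0.113.7 is flagged, at the fifth distinct username; 198.51.100.12 never is, because its three attempts all concern one account. Tune window and min_distinct to the rate your legitimate shared-egress traffic (NAT, VPN concentrators) produces, and treat the distinct-username count, not the raw failure count, as the enumeration signal.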
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: DIVD
- Date Reserved: 2022-02-10T00:00:00
- CISA Enriched: false
Threat ID: 682d983ec4522896dcbf0253
Added to database: 5/21/2025, 9:09:18 AM
Last enriched: 6/24/2025, 1:40:40 PM
Last updated: 2/7/2026, 12:55:31 AM
Views: 93
Related Threats
- CVE-2026-25762: CWE-400: Uncontrolled Resource Consumption in adonisjs core (High)
- CVE-2026-25754: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in adonisjs core (High)
- CVE-2026-25644: CWE-295: Improper Certificate Validation in datahub-project datahub (High)
- CVE-2026-25804: CWE-287: Improper Authentication in antrea-io antrea (High)
- CVE-2026-25803: CWE-798: Use of Hard-coded Credentials in denpiligrim 3dp-manager (Critical)