
Threats Tagged 'cwe-204'

View all threats tagged with 'cwe-204'. Filter and sort to focus on specific types of threats.



CVE-2026-6207
CVE-2026-45294: CWE-203: Observable Discrepancy in freescout-help-desk freescout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerate valid helpdesk agent email addresses. This vulnerability is fixed in 1.8.219.

CVE-2026-45620: CWE-204: Observable Response Discrepancy in WWBN AVideo

WWBN AVideo versions 29.0 and earlier contain a vulnerability in the objects/mention.json.php endpoint that allows unauthenticated user enumeration. The endpoint lacks proper authentication checks such as User::loginCheck() or an admin gate, relying only on a weak entry guard that matches a request parameter. This flaw enables attackers to enumerate users without authentication. The vulnerability is assigned CVE-2026-45620 with a medium severity and a CVSS score of 5.3. No official patch or remediation guidance is currently available from the vendor.

CVE-2026-44306: CWE-204: Observable Response Discrepancy in statamic cms

Statamic CMS versions prior to 5.73.21 and 6.15.0 have a vulnerability in their forgot password forms that allows unauthenticated attackers to determine whether an email address is associated with an account. This user enumeration vulnerability can facilitate further credential-based attacks. The issue is fixed in versions 5.73.21 and 6.15.

CVE-2024-0391: CWE-204 Observable response discrepancy in WSO2 WSO2 Identity Server

CVE-2024-0391 is a medium severity vulnerability in WSO2 Identity Server versions 5.10.0 through 7.0.0. It involves an observable response discrepancy in the email OTP flow's user account lock state check, which fails to properly validate user input. This flaw allows an attacker to determine whether specific usernames are registered in the system. Such information disclosure can facilitate brute-force and social engineering attacks, increasing risks to user data and organizational security.

CVE-2026-24468: CWE-204: Observable Response Discrepancy in OpenAEV-Platform openaev

OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaigns and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api/reset endpoint behaves differently depending on whether the supplied username exists in the system. When a non-existent email is provided in the login parameter, the endpoint returns an HTTP 400 response (Bad Request). When a valid email is supplied, the endpoint responds with HTTP 200. This difference in server responses creates an observable discrepancy that allows an attacker to reliably determine which emails are registered in the application. By automating requests with a list of possible email addresses, an attacker can quickly build a list of valid accounts without any authentication. The endpoint should return a consistent response regardless of whether the username exists in order to prevent account enumeration. Version 2.0.13 fixes this issue.

CVE-2026-40485: CWE-307: Improper Restriction of Excessive Authentication Attempts in ChurchCRM CRM

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/user/login) returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An unauthenticated attacker can exploit this difference to enumerate valid usernames, with no rate limiting or account lockout to impede the process. This issue has been fixed in version 7.2.0.

CVE-2026-34264: CWE-204: Observable Response Discrepancy in SAP_SE SAP Human Capital Management for SAP S/4HANA

CVE-2026-34264 is a vulnerability in SAP Human Capital Management for SAP S/4HANA where authorization checks return specific messages that allow an authenticated user with low privileges to infer and enumerate information beyond their authorized scope. This results in the disclosure of sensitive information, impacting confidentiality. Integrity and availability are not affected. The vulnerability has a CVSS score of 6.5, indicating a medium severity level. No official patch or remediation guidance is currently provided by the vendor. There are no known exploits in the wild at this time.

CVE-2026-4113: CWE-204 Observable response discrepancy in SonicWall SMA1000

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.

CVE-2025-3716: CWE-204 Observable response discrepancy in ESET, spol. s.r.o ESET Protect (on-prem)

User enumeration in ESET Protect (on-prem) via response timing.


Showing 1 to 10 of 51 results

Page 1 of 6