Snipe-IT is an open source IT asset/license management system. snipe-it suffers from an information disclosure vulnerability that stems from the existence of two different responses for unregistered and registered email addresses in the password reset page. An attacker could use this vulnerability to enumerate the email addresses of registered users, which in turn would increase the success rate of brute force password cracking.