CyberArk Identity versions up to and including 22.1 expose the response header "X-CFY-TX-TM" in the "StartAuthentication" resource. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.
[
{
"product": "CyberArk Identity",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "22.1"
}
]
}
]