4 matches found
CVE-2019-25338
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by...
CVE-2019-25338 Dokuwiki 2018-04-22b - Username Enumeration
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by...
CVE-2019-25338
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by...
CVE-2019-25338
CVE-2019-25338 affects DokuWiki (2018-04-22b). The issue is a username enumeration flaw in the password reset flow: submitting different usernames yields different error responses, allowing an attacker to identify valid accounts. Connected documents corroborate this as a username disclosure vulne...