12 matches found
CVE-2025-1396
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
EUVD-2025-31223
Malicious code in bioql PyPI...
Observable Discrepancy
Overview Affected versions of this package are vulnerable to Observable Discrepancy in the authentication process, when Multi-Attribute Login is enabled. An attacker can determine the existence of valid usernames by observing distinct error messages returned by the system in response to login...
GHSA-W82P-R9VW-4RG5 WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
CVE-2025-1396
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
CVE-2025-1396
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
CVE-2025-1396
WSO2 username enumeration vulnerability (CVE-2025-1396) occurs when Multi-Attribute Login is enabled across multiple WSO2 products. The login flow returns a distinct error message for non-existing usernames, enabling observers to determine valid user IDs. Impact includes potential for targeted br...
CVE-2025-1396 Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
WSO2 Identity Server 安全漏洞
WSO2 Identity Server IS is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server that originates from the return of a specific error message when Multi-Attribute Login is enabled, which could lead to a username enumeration attack...
PT-2025-39521
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A username enumeration issue exists when Multi-Attribute Login is enabled. The system provides a different response for existing and non-existing usernames, regardless of the validate...