2 matches found
Dify - User Enumeration via "Account not found" Message
A user enumeration vulnerability exists in langgenius/dify, where the login API leaks information about whether a user account exists or not. When an invalid/non-existent email is used during login, the API returns a distinct error message such as "accountnotfound" or "Account not found.", allowi...
User Enumeration via "Account not found" Message
This report is not public...