2 matches found
CVE-2019-18986
Pimcore before 6.2.2 allow attackers to brute-force guess valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users...
CVE-2019-18986
CVE-2019-18986 concerns Pimcore prior to version 6.2.2. The issue enables an attacker to enumerate valid usernames by abusing the forgot-password flow, which returns distinct messages for invalid passwords versus non-existent users. Root cause in the public descriptions is an information-disclosu...