CVE-2022-40084
OpenCRX prior to v5.2.2 is vulnerable to password enumeration due to differences in error messages during password reset, enabling an attacker to determine if a username, email, or ID is valid. Affected product: OpenCRX (versions before 5.2.2). Root cause: inconsistent/verbose error responses rev...