6 matches found
CVE-2025-11750
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...
CVE-2025-11750 User Enumeration via Distinct Error Messages in langgenius/dify-web
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...
PT-2025-43031
Name of the Vulnerable Software and Affected Versions: langgenius/dify-web version 1.6.0. Description: The authentication process in the software reveals whether user accounts exist by providing different error messages depending on whether a username or email is registered. Attempting to log in or...
CVE-2025-56764
Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a username exists or not by returning different error messages "Unknown user" vs. "Wrong password", allowing an attacker to enumerate valid usernames...
GHSA-W82P-R9VW-4RG5 WSO2's Input Validation Management Service contains Observable Discrepancy when Multi-Attribute Login is enabled
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...
CVE-2019-18986
Pimcore before 6.2.2 allows attackers to brute-force guess valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users...