37 matches found
CVE-2025-3716
User enumeration in ESET Protect on-prem via Response Timing...
EUVD-2025-209122
User enumeration in ESET Protect on-prem via Response Timing...
CVE-2025-3716 User enumeration in ESET Protect (on-prem)
User enumeration in ESET Protect on-prem via Response Timing...
CVE-2025-3716
CVE-2025-3716 affects ESET Protect (on-prem). The issue is user enumeration via response timing, exposing authentication-related information. According to the connected documents, CVSS 4.0 base factors yield a 5.3 (Medium) overall score with Adjacent attack vector, Low attack complexity, and no p...
PT-2026-28804
User enumeration in ESET Protect on-prem via Response Timing...
CVE-2026-27480
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames
Summary: A timing-based username enumeration vulnerability in Basic Authentication, due to early response on invalid usernames, could allow attackers to identify valid users and focus their efforts on targeted brute-force or credential-stuffing attacks. Details: SWS validates the provided username...
Spring Security security vulnerabilities
Spring Security is a security framework developed by Spring, an open-source project, that includes authentication and authorization features. Spring Security has security vulnerabilities; these vulnerabilities stem from the timing attack mitigation measures in the DaoAuthenticationProvider being...
Mautic Vulnerable to User Enumeration via Response Timing
Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...
CVE-2025-9824
The CVE-2025-9824 issue stems from different login response times for existing versus non-existent users in Mautic, enabling user enumeration and potential brute-force attempts. Technical details describe that valid usernames trigger password hashing while invalid ones do not; the fix adds a Timi...
CVE-2025-9824 User Enumeration via Response Timing
Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...
Timing Side-channel Attacks
github.com/hashicorp/vault is vulnerable to Timing side-channel Attacks. The vulnerability is due to differences in response timing in the Userpass auth method, which allows an attacker to distinguish between valid and invalid usernames and potentially enumerate existing accounts...
PT-2025-23116 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic (affected versions not specified). Description: A security issue exists in the "Forget your password" functionality of Mautic, allowing unauthenticated users to enumerate valid usernames through a timing-based attack. This is due to...
CVE-2022-21659
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the response time from the server...
CVE-2020-8213
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing...
CVE-2025-24011 Umbraco CMS Vulnerable to User Enumeration Feasible Based On Management API Timing and Response Codes
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, it's possible to determine whether an account exists based on an analysis of response codes and timing of Umbraco management API responses. Versions 14.3.2 and...