4 matches found
CVE-2025-30344
OpenSlides before 4.2.5 is affected by a timing side-channel vulnerability in /system/auth/login/. The response time differs depending on whether a user exists because password hashing is omitted in login handling, enabling potential information disclosure. The documented impact is a low-to-mediu...
CVE-2018-15919
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration or...
CVE-2004-0294
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack...
implementation problem in Microsoft LDAP?
Hello, I have been looking at the Microsoft LDAP service error code responses, and when I'm not authenticated (anonymous) I can know if an object exists or not. I would like to know if this is an implementation problem. Problem 1: Here we have a log of the saucer program, an LDAP client, as you can...