Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
History

Mon, 16 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
Title Information disclosure in Request New Password feature Information disclosure in Request New Password feature

cve-icon MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2022-06-13T08:01:04.282221Z

Updated: 2024-09-16T16:43:46.120Z

Reserved: 2022-06-09T00:00:00

Link: CVE-2022-32741

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-06-13T08:15:19.083

Modified: 2024-11-21T07:06:52.127

Link: CVE-2022-32741

cve-icon Redhat

No data.