User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Liferay

Published: 2024-02-20T13:17:28.137Z

Updated: 2024-08-15T17:50:15.783Z

Reserved: 2024-02-15T07:44:36.776Z

Link: CVE-2024-26268

cve-icon Vulnrichment

Updated: 2024-08-02T00:07:19.174Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-20T14:15:09.350

Modified: 2024-11-21T09:02:16.310

Link: CVE-2024-26268

cve-icon Redhat

No data.