Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NDefault status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.16.5
affected
Default status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.16.5
affected
Default status
unaffected
Any version before 2.16.5
affected
Default status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.16.5
affected
Description
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
Problem types
CWE-204:Observable Response Discrepancy
Product status
Any version before 2.18.0
Any version before 2.16.5
Any version before 2.18.0
Any version before 2.16.5
Any version before 2.16.5
Any version before 2.18.0
Any version before 2.18.0
Any version before 2.16.5
Credits
Peter Husted Simonsen
Irwin Przeperski
Eviden
References
certvde.com/en/advisories/VDE-2025-035
certvde.com/en/advisories/VDE-2025-038