
Description

Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.

PUBLISHED Reserved 2025-06-13 | Published 2025-07-04 | Updated 2025-07-07 | Assigner NCSC.ch




MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-203 Observable Discrepancy

Product status

Default status: unaffected

7.7.9 (custom): affected
8.0.8 (custom): affected
8.1.7 (custom): affected
8.2.4 (custom): affected
8.3.1 (custom): affected
8.4.1 (custom): unaffected

Credits

Patrick Schlüter - Redguard AG (finder)

References

www.redguard.ch/...25-6056-airlock-iam-username-enumeration/ (third-party-advisory)

cve.org (CVE-2025-6056)

nvd.nist.gov (CVE-2025-6056)
