CVE-2019-25338 — Observable Response Discrepancy in Dokuwiki

CWE-204 — Observable Response Discrepancy5 documents5 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 85.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki

Timeline

PublishedFeb 12

Latest updateFeb 13

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

▶debiandebian/dokuwiki

▶CVEListV5dokuwiki/dokuwiki2018-04-22b "Greebo"

▶NVDdokuwiki/dokuwiki2018-04-22b

🔴Vulnerability Details

GHSA

GHSA-j2hg-vp99-659f: DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user ac↗2026-02-13

▶

OSV

CVE-2019-25338: DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user ac↗2026-02-12

▶

📋Vendor Advisories

Debian

CVE-2019-25338: dokuwiki - DokuWiki 2018-04-22b contains a username enumeration vulnerability in its passwo...↗2019

▶

🕵️Threat Intelligence

Wiz

CVE-2019-25338 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶