An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.
Metrics
Affected Vendors & Products
References
History
Fri, 31 Jan 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-02-13T16:49:49.813Z
Reserved: 2023-04-27T00:00:00.000Z
Link: CVE-2023-31286

Updated: 2024-08-02T14:53:30.644Z

Status : Modified
Published: 2023-04-27T03:15:10.160
Modified: 2025-01-31T19:15:14.920
Link: CVE-2023-31286

No data.