Barnabás Horváth

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.2.0 through 7.4.3.26 Liferay DXP versions prior to 7.4 update 27 Liferay DXP versions prior to 7.3 update 8 Liferay DXP versions prior to 7.2 fix pack 20 **Description** The issue allows remote attackers to determine if an account exists in the application by comparing the request's response time. This is a user enumeration vulnerability that can be exploited by analyzing the time it takes for the application to respond to requests. **Recommendations** For Liferay Portal versions 7.2.0 through 7.4.3.26, update to a version outside of this range to resolve the issue. For Liferay DXP versions prior to 7.4 update 27, apply update 27 or later. For Liferay DXP versions prior to 7.3 update 8, apply update 8 or later. For Liferay DXP versions prior to 7.2 fix pack 20, apply fix pack 20 or later.