Julien Oury

**Name of the Vulnerable Software and Affected Versions** Halvotec RAQuest versions prior to 10.24.11206.1 **Description** An issue was discovered in the login page, which is vulnerable to wildcard injection. This allows an attacker to enumerate the list of users sharing an identical password. **Recommendations** For versions prior to 10.24.11206.1, update to Release 10.24.11206.1 to resolve the issue. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.