Lam Yiu Tung

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.2.4 PrestaShop versions prior to 9.0.3 **Description** PrestaShop contains a time-based user enumeration issue in its user authentication functionality. An attacker can determine if a customer account exists by observing response times. The vulnerable functionality does not involve any API endpoints or specific parameters. The `authenticate()` function is affected. **Recommendations** Update to PrestaShop version 8.2.4 or later. Update to PrestaShop version 9.0.3 or later.