Typo3 · Typo3/Cms · CVE-2020-11063
**Name of the Vulnerable Software and Affected Versions**
TYPO3 CMS versions 10.4.0 through 10.4.1
**Description**
The issue allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts using time-based attacks with the password reset functionality for backend users.
**Recommendations**
For versions 10.4.0 through 10.4.1, update to version 10.4.2 to resolve the issue.