Poan21

**Name of the Vulnerable Software and Affected Versions** Umbraco 10 versions prior to 10.8.4 Umbraco 10 version 10.8.5 is not affected as it contains the fix. **Description** Umbraco is an ASP.NET content management system. A user enumeration attack is possible when access to the native login screen is available. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins. **Recommendations** For Umbraco 10 versions prior to 10.8.4, update to version 10.8.5 to resolve the issue. As a temporary workaround, consider disabling the native login screen by exclusively using external logins until a patch is applied.