Ponge369

**Name of the Vulnerable Software and Affected Versions** Aranda PassRecovery version 1.0 **Description** An issue allows attackers to enumerate valid user accounts in Active Directory. This is achieved by sending a crafted POST request to the `/user/existdirectory/1` API endpoint. The `POST` request allows for the enumeration of user accounts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.