Unknown · Backdrop Cms · CVE-2022-34530
**Name of the Vulnerable Software and Affected Versions**
Backdrop CMS version 1.22.0
**Description**
An issue in the login and reset password functionality allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
**Recommendations**
For Backdrop CMS version 1.22.0, update to a version that fixes the issue in the login and reset password functionality to prevent username enumeration via password reset requests.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.