Mautic · Mautic · CVE-2024-47059
**Name of the Vulnerable Software and Affected Versions**
Mautic versions prior to 5.1.1
**Description**
The application responds differently to a login attempt with a correct username and an incorrect weak password than to one with an incorrect username and a weak password. This difference could be used to perform username enumeration. When a correct username is used with an incorrect weak password, the user receives a notification stating that their password is too weak. In contrast, when an incorrect username is provided alongside a weak password, the application responds with an 'Invalid credentials' notification.
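The response discrepancy described above, as an added example that is a simplified model and not Mautic's code: a handler that reproduces the two notifications, a handler that checks password strength only after authentication succeeds, and a regression check that compares responses for a known and an unknown username. The account data, the `is_weak` policy, the weak-password message wording and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: one account with a salted PBKDF2 hash.
SALT = b"constructed-salt"

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

USERS = {"alice": _hash("Correct-Horse-Battery-9")}
DUMMY = _hash("unused-placeholder")  # compared against when the user is unknown
INVALID = "Invalid credentials"
WEAK = "Your password is too weak"   # assumed wording

def is_weak(password: str) -> bool:
    # Hypothetical strength policy, for illustration only.
    return len(password) < 8

def login_vulnerable(username: str, password: str) -> str:
    """Models the described flaw: the weak-password notice appears only for real users."""
    stored = USERS.get(username)
    if stored is not None and is_weak(password):
        return WEAK  # distinct response discloses that the username exists
    if stored is not None and hmac.compare_digest(stored, _hash(password)):
        return "OK"
    return INVALID

def login_hardened(username: str, password: str) -> str:
    """Authenticate first; the strength notice is reachable only after success."""
    stored = USERS.get(username)
    ok = hmac.compare_digest(stored or DUMMY, _hash(password))
    if stored is None or not ok:
        return INVALID  # one response for every failed attempt
    return WEAK if is_weak(password) else "OK"

def leaks_usernames(login, known: str, unknown: str, wrong_passwords) -> bool:
    """Regression check: True if any wrong password gets different responses."""
    return any(login(known, p) != login(unknown, p) for p in wrong_passwords)
```

The same parity check can be kept in a test suite so that any new failure message on the login path is caught before release.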
**Recommendations**
Update to version 5.1.1 or later to resolve the issue.