Talha Şen

**Name of the Vulnerable Software and Affected Versions** DokuWiki version 2018-04-22b **Description** The software contains a flaw in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset functionality and differentiate between existing and non-existing accounts by analyzing the server's error response messages. The vulnerable functionality is accessible via the password reset endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.