PT-2025-23116 · Mautic · Mautic

Nick Vanpraet +2 · Published 2025-05-28 · Updated 2025-05-30 · CVE-2024-47057

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Mautic (affected versions not specified)
Description: A security issue exists in the "Forget your password" functionality of Mautic that allows unauthenticated users to enumerate valid usernames through a timing-based attack. The response time differs for existing and non-existing users, and the endpoint applies no request limiting, so the difference is observable.
Recommendations: Update to a version that addresses this timing vulnerability, one in which password reset responses are normalized to take the same time regardless of whether the user exists.
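As an added illustration (not Mautic's code and not part of this advisory), the following constructed Python sketch contrasts the vulnerable handler shape described above with a hardened one that does the same work and returns the same generic message whether or not the user exists, pads every response to a minimum duration, and adds the per-client request limit the description says is missing. Every name in it (USERS, reset_vulnerable, reset_hardened, RateLimiter, the sample usernames and client keys) is hypothetical.

```python
"""Constructed illustration of the timing side channel in a 'forgot password'
flow and one hardened shape. Not Mautic code; every name here is hypothetical."""
import hashlib
import os
import time
from collections import defaultdict, deque
from typing import Optional, Tuple

# Constructed in-memory user store standing in for the application's user table.
USERS = {"alice": "alice@example.test", "bob": "bob@example.test"}

GENERIC_RESPONSE = "If that account exists, a password reset e-mail has been sent."
RATE_LIMITED = "Too many requests, try again later."
MIN_RESPONSE_SECONDS = 0.05  # floor applied to every response in the hardened path


def _expensive_token(seed: str) -> str:
    """Stand-in for the slow part of a real reset (token generation, DB write,
    mail rendering). PBKDF2 is used only so the cost is real and measurable."""
    return hashlib.pbkdf2_hmac("sha256", seed.encode(), os.urandom(16), 20_000).hex()


def reset_vulnerable(username: str) -> Tuple[str, int]:
    """Vulnerable shape: the expensive work runs only when the user exists, so
    the response time leaks validity even though the message is generic.
    Returns (message, number_of_expensive_operations) to make the asymmetry visible."""
    ops = 0
    if username in USERS:
        _expensive_token(username)
        ops += 1
    return GENERIC_RESPONSE, ops


class RateLimiter:
    """Minimal sliding-window limiter keyed by client (e.g. source address)."""

    def __init__(self, max_requests: int, window_seconds: float) -> None:
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self._hits = defaultdict(deque)

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        hits = self._hits[key]
        # Drop timestamps that have left the window, then check the budget.
        while hits and now - hits[0] > self.window_seconds:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False
        hits.append(now)
        return True


def reset_hardened(username: str, client: str, limiter: RateLimiter) -> Tuple[str, int]:
    """Hardened shape: identical work and identical message for existing and
    non-existing users, a response-time floor to mask residual variation
    (lookup cost, cache state), and a per-client request limit."""
    started = time.monotonic()
    if not limiter.allow(client):
        return RATE_LIMITED, 0
    if username in USERS:
        _expensive_token(username)
    else:
        # Same cost on the negative path; nothing is persisted or sent.
        _expensive_token("decoy:" + username)
    ops = 1
    # Pad so every response takes at least MIN_RESPONSE_SECONDS.
    remaining = MIN_RESPONSE_SECONDS - (time.monotonic() - started)
    if remaining > 0:
        time.sleep(remaining)
    return GENERIC_RESPONSE, ops


if __name__ == "__main__":
    print("vulnerable:", reset_vulnerable("alice"), reset_vulnerable("nobody"))
    limiter = RateLimiter(max_requests=5, window_seconds=60)
    print("hardened:  ", reset_hardened("alice", "203.0.113.7", limiter),
          reset_hardened("nobody", "203.0.113.7", limiter))
```

The response-time floor is a mitigation layer, not a guarantee: scheduler and network jitter still vary, so the reliable part of the fix is doing the same work on both paths, returning the same message, and limiting repeated requests from one client.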

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2024-47057
GHSA-424X-CXVH-WQ9P

Affected Products

Mautic