PT-2025-6832 · Q Free · Q-Free Maxtime

Andrea Palanca +1 · Published 2025-02-12 · Updated 2025-11-19 · CVE-2025-1101

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions less than or equal to 2.11.0
Description: An "Observable Response Discrepancy" in the login page allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests. The issue lies in the login functionality, where differences in the response can reveal whether a username is valid.
Recommendations: For Q-Free MaxTime versions less than or equal to 2.11.0, update to a version greater than 2.11.0 to resolve the issue. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.

Related Identifiers: CVE-2025-1101

Affected Products: Q-Free Maxtime