CVE-2018-25350

Name of the Vulnerable Software and Affected Versions userSpice version 4.3.24

Description An issue allows unauthenticated attackers to discover valid usernames by sending POST requests to the 'existingUsernameCheck.php' endpoint. By submitting usernames and analyzing the response text for the 'taken' string, attackers can identify existing accounts in the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.