CVE-2019-25338

Name of the Vulnerable Software and Affected Versions DokuWiki version 2018-04-22b

Description The software contains a flaw in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset functionality and differentiate between existing and non-existing accounts by analyzing the server's error response messages. The vulnerable functionality is accessible via the password reset endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.