OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
{ "cwe_ids": [ "CWE-203" ], "github_reviewed": true, "github_reviewed_at": "2022-10-24T18:51:43Z", "nvd_published_at": "2022-10-20T14:15:00Z", "severity": "MODERATE" }