Lucene search
GoogleOSV:CVE-2023-44399HistoryOct 10, 2023 - 5:15 p.m.
CVE-2023-44399
2023-10-1017:15:13
Google
osv.dev
6
zitadel
identity infrastructure
bug
account verification
password reset
security
software vulnerability
ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called “Ignoring unknown usernames” which helps mitigate attacks that try to guess/enumerate usernames. While this settings was properly working during the authentication process it did not work correctly on the password reset flow. This meant that even if this feature was active that an attacker could use the password reset function to verify if an account exist within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available.
Related
veracode
veracode
Information Disclosure
2023-10-12 14:00:56
osv
osv
cve
cve
CVE-2023-44399
2023-10-10 17:15:13
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-44399
2023-10-10 17:15:13
prion
prion
Design/Logic Flaw
2023-10-10 17:15:00
cvelist
cvelist
github
github