Silverpeas 6.4.1-6.4.2 - User Enumeration via ForgotPassword Login Parameter
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.