CVE-2022-34530
MEDIUM
Backdrop CMS < 1.22.0 - Username Enumeration via Password Reset Request
Title source: llm
Description
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md
Not Applicable x_refsource_misc
http://backdrop.com
Scores
CVSS v3: 5.3
EPSS: 0.0051
EPSS Percentile: 39.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-640
Status: published
Products (1)
backdropcms/backdrop_cms < 1.22.0
Published: Aug 01, 2022
Tracked Since: Feb 18, 2026