DokuWiki
cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*
- 2018-04-22b
A username enumeration vulnerability has been identified in DokuWiki version 2018-04-22b. This issue arises within the password reset feature, allowing attackers to determine valid user accounts. By submitting various usernames to the password reset endpoint and analyzing the server's error response, attackers can distinguish between existing and non-existing accounts.
Exploitation of this vulnerability allows for username enumeration, enabling attackers to identify valid user accounts.
To reproduce this vulnerability, submit usernames to the password reset endpoint. For usernames that do not exist, the response indicates that the user cannot be found. For valid usernames, the response reports an error with SMTP communication, indicating that a password reset email could not be sent.
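The two replies described above, as an added example (a simplified Python model, not DokuWiki's code): a reset handler whose reply depends on whether the account exists, beside one that returns a single reply for every outcome. The account store, message strings and function names are constructed for illustration.

```python
# Simplified model of a password-reset handler; not DokuWiki code.
USERS = {"alice": "alice@example.org"}  # constructed sample account store


class MailError(Exception):
    """Raised when the simulated SMTP relay cannot be reached."""


def send_reset_mail(address, smtp_up):
    # Stand-in for the real mail call; fails when the relay is down.
    if not smtp_up:
        raise MailError("SMTP connection failed")


def reset_leaky(username, smtp_up=False):
    """Behaviour the advisory describes: the reply reveals account existence."""
    if username not in USERS:
        return "User cannot be found."            # constructed wording
    try:
        send_reset_mail(USERS[username], smtp_up)
    except MailError:
        return "Error communicating with SMTP."   # constructed wording
    return "A reset link has been sent."


GENERIC = "If the account exists, a reset link has been sent to its address."


def reset_uniform(username, smtp_up=False, log=None):
    """Hardened form: one reply for every outcome; details go to the server log."""
    log = [] if log is None else log
    if username not in USERS:
        log.append(("reset_unknown_user", username))
    else:
        try:
            send_reset_mail(USERS[username], smtp_up)
        except MailError as exc:
            # Mail failures are an operator concern, not something to show the requester.
            log.append(("reset_mail_failed", str(exc)))
    return GENERIC


def distinguishable(handler, known, unknown, **kw):
    """Regression check: True if replies for a known and an unknown name differ."""
    return handler(known, **kw) != handler(unknown, **kw)
```

A uniform message body does not by itself cover status codes or response timing; queuing the mail send outside the request keeps the known-user path from taking measurably longer.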