Beta80 Life 1st Identity Manager User Enumeration Vulnerability via Authentication REST APIs

Vulnerability

A vulnerability allowing user enumeration has been identified in Beta80 Life 1st Identity Manager version 1.5.2.14234. This issue arises from the authentication REST APIs, which return different error messages for failed login attempts, depending on whether the password is incorrect or the username does not exist. This discrepancy can be exploited by unauthorized actors to determine the validity of user accounts.

Impact

Exploitation of this vulnerability allows for user enumeration, where an attacker can identify registered users in the system by analyzing the response messages from authentication attempts.
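The response discrepancy described above, next to a hardened form, as an added example that is not Beta80's code and not from the original advisory. The user store, function names, status codes and error strings are assumptions made for illustration; the hardened handler returns one generic failure and does the same hashing work whether or not the username exists.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed value for the demo; tune for production


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed sample user store: username -> (salt, password hash).
USERS = {"alice": _record("correct horse")}
# Dummy record so unknown usernames cost the same hashing work as known ones.
DUMMY_SALT, DUMMY_HASH = _record("placeholder")

# Single failure response shared by every rejected attempt (assumed wording).
GENERIC = (401, {"error": "Invalid username or password"})


def login_vulnerable(username: str, password: str) -> tuple[int, dict]:
    """The pattern the advisory describes: the error reveals which check failed."""
    if username not in USERS:
        return 401, {"error": "User not found"}
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, {"error": "Wrong password"}
    return 200, {"status": "ok"}


def login_hardened(username: str, password: str) -> tuple[int, dict]:
    """Same status and body for every failure, and the same hashing work."""
    known = username in USERS
    salt, stored = USERS[username] if known else (DUMMY_SALT, DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    # A match against the dummy record must never authenticate anyone.
    if known and matches:
        return 200, {"status": "ok"}
    return GENERIC
```

The same rule applies to any other endpoint that takes a username, such as password reset or registration, and per-client rate limiting on failed attempts complements the uniform response.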

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.