Horde Groupware User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in Horde Groupware version 5.2.22, allowing an unauthenticated attacker to verify whether a given user account exists. The flaw lies in the 'imp/attachment.php' file, which accepts an HTTP request carrying the 'id' and 'u' parameters. If the specified user exists, the server responds with an empty file download; if the user does not exist, no download occurs. This difference in responses reveals whether a username is valid.

Impact

Exploitation of this vulnerability allows for user enumeration, enabling attackers to identify valid accounts on the system.

Reproduction

To reproduce this vulnerability, send an HTTP request to '/imp/attachment.php' with the 'id' and 'u' parameters set. If the user named in 'u' exists, an empty file is downloaded; if the user does not exist, no download occurs.
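From the defender's side, the tell-tale sign of this behaviour being abused is one source sending many requests to '/imp/attachment.php' that differ only in the 'u' value. The following Python is an added detection example, not part of this advisory or of Horde; it assumes Apache combined-format access logs, uses constructed sample lines, and treats three or more distinct 'u' values from one source as a hypothetical alert threshold.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines (Apache combined-log style), not from the advisory.
# 203.0.113.5 probes several usernames; 198.51.100.7 is ordinary traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Dec/2025:14:20:01 +0000] "GET /imp/attachment.php?id=1&u=alice HTTP/1.1" 200 0
203.0.113.5 - - [02/Dec/2025:14:20:02 +0000] "GET /imp/attachment.php?id=1&u=bob HTTP/1.1" 200 0
203.0.113.5 - - [02/Dec/2025:14:20:02 +0000] "GET /imp/attachment.php?id=1&u=carol HTTP/1.1" 200 0
203.0.113.5 - - [02/Dec/2025:14:20:03 +0000] "GET /imp/attachment.php?id=1&u=dave HTTP/1.1" 200 0
203.0.113.5 - - [02/Dec/2025:14:20:03 +0000] "GET /imp/attachment.php?id=1&u=erin HTTP/1.1" 200 0
198.51.100.7 - - [02/Dec/2025:14:21:10 +0000] "GET /imp/attachment.php?id=42&u=alice HTTP/1.1" 200 0
198.51.100.7 - - [02/Dec/2025:14:21:11 +0000] "GET /login.php HTTP/1.1" 200 1543
"""

# Source IP, request line (method + target), status and response size from a combined-log entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Return (ip, path, query_dict, status, size) or None if the line is not a log entry."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return (m.group("ip"), parts.path, parse_qs(parts.query),
            int(m.group("status")), m.group("size"))

def find_enumeration(log_text, threshold=3):
    """Collect the distinct 'u' values each source sent to /imp/attachment.php and
    return {ip: sorted usernames} for sources that reached the threshold.
    The threshold is an assumed value; tune it to the site's normal traffic."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, query, _status, _size = parsed
        if path.endswith("/imp/attachment.php") and "u" in query:
            probes[ip].update(query["u"])
    return {ip: sorted(users) for ip, users in probes.items() if len(users) >= threshold}

if __name__ == "__main__":
    for ip, users in find_enumeration(SAMPLE_LOG).items():
        print(f"possible user enumeration from {ip}: {len(users)} distinct usernames {users}")
```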

Added: Dec 2, 2025, 2:21 PM
Updated: Dec 2, 2025, 5:43 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 1.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.