Silverpeas Username Enumeration Vulnerability in Forgot Password Endpoint

Vulnerability

A username enumeration vulnerability has been identified in Silverpeas versions 6.4.1 and 6.4.2. The issue resides in the Forgot Password endpoint of the CredentialsServlet. By sending POST requests with usernames in the Login parameter, remote attackers can discern valid usernames based on the differing HTTP response status codes. A status of 200 OK indicates a valid username, while 302 Found signifies an invalid one.

Impact

A remote attacker who exploits this vulnerability can determine which usernames are valid on the system.

Reproduction

The vulnerability can be reproduced by sending POST requests to the /CredentialsServlet/ForgotPassword endpoint with usernames in the Login parameter and observing the response status code: 200 OK for a valid username and 302 Found for an invalid one. This process can be automated with a Python script that submits candidate usernames and checks the response status codes.
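A defender-side check for this behaviour, added here as an example and not code from Silverpeas or from the advisory: it scans web-server access logs for sources that send a burst of POSTs to the ForgotPassword endpoint and receive a mix of 200 and 302 answers, which is the traffic pattern the enumeration described above leaves behind. The combined log format, the /silverpeas context prefix, the sample addresses and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format), not real traffic.
# The /silverpeas context prefix is an assumption; matching is on the path suffix.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Sep/2025:14:20:01 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "python-requests/2.32"
203.0.113.7 - - [02/Sep/2025:14:20:02 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "python-requests/2.32"
203.0.113.7 - - [02/Sep/2025:14:20:02 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 200 1532 "-" "python-requests/2.32"
203.0.113.7 - - [02/Sep/2025:14:20:03 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "python-requests/2.32"
203.0.113.7 - - [02/Sep/2025:14:20:04 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 200 1532 "-" "python-requests/2.32"
203.0.113.7 - - [02/Sep/2025:14:20:04 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 302 0 "-" "python-requests/2.32"
198.51.100.4 - - [02/Sep/2025:14:25:10 +0000] "GET /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 200 1210 "-" "Mozilla/5.0"
198.51.100.4 - - [02/Sep/2025:14:25:40 +0000] "POST /silverpeas/CredentialsServlet/ForgotPassword HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
TARGET = "/CredentialsServlet/ForgotPassword"  # endpoint named in the advisory

def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_enumeration(lines, window=timedelta(minutes=5), min_requests=5):
    """Map source IP -> {status: count} for sources that POSTed to ForgotPassword
    at least min_requests times inside `window` and received both 200 and 302."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3].endswith(TARGET):
            per_ip[rec[0]].append((rec[1], rec[4]))
    suspects = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding time window over this source's requests
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= min_requests and {200, 302} <= {s for _, s in burst}:
                suspects[ip] = dict(Counter(s for _, s in events))
                break
    return suspects
```

Run `find_enumeration(SAMPLE_LOG.splitlines())` to see the flagged source; a single legitimate reset request, or a burst with a uniform status code, is not reported.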

Remediation

Users can upgrade to Silverpeas version 6.4.3, which addresses this vulnerability.

Added: Sep 2, 2025, 2:20 PM
Updated: Sep 2, 2025, 8:44 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 0.0
exploitability: 9.1
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.