OpenAtlas User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in OpenAtlas version 8.12.0, developed by the Austrian Academy of Sciences. The login form returns different error messages for an incorrect password and for a non-existent username, so a remote, unauthenticated attacker can tell whether any given username exists simply by submitting it with an arbitrary password. Because the response differs, the check can be scripted against a list of candidate names, and the resulting list of valid accounts feeds follow-on attacks such as password brute-forcing, credential stuffing, and targeted phishing.
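The following is an added example, not OpenAtlas code, written in Python because OpenAtlas is a Python web application. It shows the pattern described above in miniature: a login handler whose error message reveals whether the username exists, beside a hardened handler that returns one generic message and performs the same password-hash computation on both failure paths (so response time does not leak what the message no longer does), plus the probe a pentester would run to confirm the leak and to verify a fix. The user table, passwords and probe strings are constructed for the demonstration; the function names are illustrative and do not correspond to anything in OpenAtlas.

```python
"""Added example: username enumeration through login error messages,
a hardened handler, and the probe used to detect the leak."""
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever hash the real application uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed user table: username -> (salt, derived key)
_SALT = os.urandom(16)
USERS = {
    "alice": (_SALT, _hash("correct horse battery staple", _SALT)),
    "bob": (_SALT, _hash("hunter2", _SALT)),
}

# Dummy credential verified for unknown usernames so the hardened path
# does the same amount of work whether or not the account exists.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("dummy-credential", _DUMMY_SALT)

GENERIC_ERROR = "Invalid username or password."


def vulnerable_login(username: str, password: str):
    """Leaky handler: the two failure causes get two different messages,
    and no hashing happens at all for unknown users (a timing leak too)."""
    if username not in USERS:
        return (False, "No user with this name.")
    salt, stored = USERS[username]
    if hmac.compare_digest(_hash(password, salt), stored):
        return (True, "Logged in.")
    return (False, "Wrong password.")


def hardened_login(username: str, password: str):
    """Fixed handler: one message for both failures, constant-time compare,
    and a hash computed even when the username is unknown."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    # The explicit membership check prevents "logging in" as a nonexistent
    # user by guessing the dummy credential.
    if ok and username in USERS:
        return (True, "Logged in.")
    return (False, GENERIC_ERROR)


def probe_messages(candidates, login):
    """Submit each candidate with a deliberately wrong password and bucket
    the candidates by the error message they receive."""
    wrong_password = "not-the-password"  # constructed probe value
    buckets = {}
    for name in candidates:
        _, message = login(name, wrong_password)
        buckets.setdefault(message, []).append(name)
    return buckets


def is_enumerable(candidates, login) -> bool:
    """A handler leaks account existence if failed logins for a mixed list
    of real and fake usernames produce more than one distinct message."""
    return len(probe_messages(candidates, login)) > 1


def valid_users(candidates, login, unknown="zz-surely-not-a-user-zz"):
    """Attacker's view: names whose response differs from a name that is
    known not to exist are valid accounts. Empty against a fixed handler."""
    _, baseline = login(unknown, "not-the-password")
    return sorted(n for n in candidates
                  if login(n, "not-the-password")[1] != baseline)


if __name__ == "__main__":
    names = ["alice", "bob", "carol"]
    print("leaky handler enumerable:", is_enumerable(names, vulnerable_login))
    print("accounts recovered:", valid_users(names, vulnerable_login))
    print("fixed handler enumerable:", is_enumerable(names, hardened_login))
```

`is_enumerable` is also the regression check to keep after upgrading: run it against the real login endpoint with a few known-good and known-bad usernames, and compare HTTP status codes and response times as well as the message text, since any of the three can carry the same bit of information.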

Impact

Exploitation of this vulnerability allows automated enumeration of valid usernames on an exposed OpenAtlas instance. A confirmed list of accounts removes the guesswork from password guessing and credential stuffing, and lets phishing be aimed at people known to hold an account. The flaw discloses no credentials by itself; its severity comes from what it enables.

Remediation

Users are advised to update OpenAtlas to version 8.12.1, where this vulnerability has been fixed. After updating, confirm that a login attempt with an unknown username and one with a valid username but wrong password return the same error message and HTTP status code, and that their response times do not differ noticeably; where an upgrade must be delayed, rate-limiting and logging of failed logins reduce how quickly a list of names can be tested.

Added: Nov 24, 2025, 4:22 PM
Updated: Nov 24, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 7.7
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.