Sage DPW User Enumeration Vulnerability via Distinct Login Feedback

Vulnerability

A user enumeration vulnerability exists in Sage DPW versions prior to 2021_06_000, excluding Sage DPW Cloud. The login mechanism returns different error messages for valid and invalid usernames. In newer versions, on-premise administrators can enable or disable this feature. Exploitation involves analyzing the variations in authentication responses to identify valid usernames.

Impact

Successful exploitation allows for the enumeration of valid usernames, potentially leading to targeted attacks such as password guessing or phishing.

Remediation

Users can update to Sage DPW version 2025_06_004, where this vulnerability has been addressed. Instructions for updating can be found on the Sage DPW website.

Added: Apr 1, 2026, 4:51 PM
Updated: Apr 1, 2026, 4:51 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 5.4
remediation: 7.7
relevance: 5.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.