Mautic Timing Attack Vulnerability Allowing User Enumeration

Vulnerability

A vulnerability in Mautic's login process can be exploited to enumerate valid usernames. This issue arises from inconsistent response times when processing login requests. A valid username triggers password hashing, while an invalid one does not, creating a timing difference that attackers can exploit. Once valid usernames are identified, attackers could attempt brute-force attacks. This vulnerability affects Mautic versions 4.4.0 through 4.4.16, 5.0.0-alpha through 5.2.7, and 6.0.0-alpha through 6.0.4.
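The following Python example, added here to illustrate the mechanism described above, is not Mautic's code (Mautic is written in PHP) and uses a constructed in-memory user store. It places the leaky pattern (return early when the username is unknown, so no password hashing happens) next to the hardened pattern (always run the password hash, against a dummy credential when the user is unknown, and only then decide), plus a small helper for measuring one's own implementation locally to confirm the two code paths cost the same.

```python
"""Timing-leak in a login routine and its constant-work fix.

Hypothetical example, not Mautic's code: the user store, the KDF
parameters and the dummy credential are all constructed for illustration.
"""
import hashlib
import hmac
import os
import time

# Deliberately expensive KDF so the cost of "hash or don't hash" is visible.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, stored hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse battery", _SALT))}

# Dummy credential hashed whenever the username is unknown, so the
# unknown-user path performs the same work as the known-user path.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy-credential-never-accepted", _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> bool:
    """Leaky: an unknown username returns before any hashing is done."""
    record = USERS.get(username)
    if record is None:
        return False  # fast path -> response time reveals the username is invalid
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)


def login_hardened(username: str, password: str) -> bool:
    """Constant-work: hash against a dummy record when the user is unknown."""
    record = USERS.get(username)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    # Compute the comparison first, then gate on existence, so the
    # hashing work is performed on both branches.
    return matches and record is not None


def measure(login, username: str, password: str, rounds: int = 5) -> float:
    """Best-of-N wall-clock time for one login attempt, in seconds."""
    best = float("inf")
    for _ in range(rounds):
        t0 = time.perf_counter()
        login(username, password)
        best = min(best, time.perf_counter() - t0)
    return best


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        known = measure(fn, "alice", "wrong password")
        unknown = measure(fn, "nobody", "wrong password")
        print(f"{name:10s} known-user {known:.4f}s  unknown-user {unknown:.4f}s")
```

Running the module prints a large gap between the known-user and unknown-user timings for `login_vulnerable` and near-identical timings for `login_hardened`. The measurement helper is meant for checking a fix in a local test environment; production response times also include database lookups, caching and network jitter, so a local measurement is a sanity check, not proof that no residual difference exists.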

Impact

Exploitation of this vulnerability allows attackers to enumerate valid usernames, potentially leading to brute-force attacks on user accounts.

Remediation

Users should upgrade to Mautic versions 4.4.17, 5.2.8, or 6.0.5, all of which include the necessary patch. Instructions for upgrading can be found in the Mautic documentation.

Added: Sep 3, 2025, 4:06 PM
Updated: Sep 3, 2025, 4:06 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 7.6
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.