CVE-2025-12455 - OpenText Vertica

Vulnerability Description: Observable Response Discrepancy - CWE-204

Software Version: 10.x, 11.x, 12.x

NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-12455

CVSS

Severity: 

Credits: Marco Nappi, Mariano Forte, Federico Draghelli, Massimiliano Brolli

Username enumeration via observable response discrepancy.

Step-by-step instructions and PoC

  1. Log in to the web application
  2. Visit the provided URL

Affected Endpoints

  • URL: https://<ip>:<port>/webui/forgotpassword/usernamevalidation
  • HTTP Parameter: Value


Below is the evidence with the vulnerability details and the payload used.

Payload used to exploit the vulnerability: {"value":"<username>"}

Image 1 - Valid Username

Image 2 - Invalid Username

Security Impact

An attacker exploiting this username enumeration vulnerability can determine which usernames are valid. Because the web application returns different responses for valid and invalid usernames, an attacker can identify valid accounts and thus reduce the effort of a subsequent brute-force attack.
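Added here as an illustrative example, not Vertica's code: the CWE-204 pattern described above beside a hardened handler that answers identically for valid and invalid usernames, plus the comparison check a defender can run against any such endpoint. The user store, function names and queue_reset_email are constructed/hypothetical.

```python
import hmac
import json
import secrets

# Constructed user store for this example; not real accounts.
KNOWN_USERS = {"dbadmin", "analyst"}


def _extract_username(body: str) -> str:
    """Pull the 'value' field (the advisory's HTTP parameter) out of the JSON body."""
    try:
        data = json.loads(body)
    except ValueError:
        return ""
    value = data.get("value", "") if isinstance(data, dict) else ""
    return value if isinstance(value, str) else ""


def validate_username_leaky(body: str) -> tuple[int, str]:
    """CWE-204 pattern: status code and message differ depending on whether
    the username exists, so every response reveals account validity."""
    if _extract_username(body) in KNOWN_USERS:
        return 200, json.dumps({"status": "ok", "message": "Reset link sent"})
    return 404, json.dumps({"status": "error", "message": "User not found"})


def queue_reset_email(username: str, token: str) -> None:
    """Hypothetical side effect; a real service would send the email here."""


def validate_username_uniform(body: str) -> tuple[int, str]:
    """Hardened pattern: identical status, body and amount of work for every
    input. Only the out-of-band side effect depends on whether the user exists."""
    username = _extract_username(body).encode()
    token = secrets.token_urlsafe(32)  # generated unconditionally, same cost
    found = False
    for candidate in KNOWN_USERS:  # no early exit on match: timing stays flat
        found |= hmac.compare_digest(username, candidate.encode())
    if found:
        queue_reset_email(username.decode(), token)
    return 200, json.dumps({"status": "ok",
                            "message": "If the account exists, a reset link has been sent"})


def responses_identical(handler, usernames) -> bool:
    """Defender's check: every probe must yield byte-identical status and body."""
    seen = {handler(json.dumps({"value": u})) for u in usernames}
    return len(seen) == 1
```

The same check applies to timing: measure the hardened handler with valid and invalid inputs and confirm the distributions overlap before trusting it.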