CVE-2025-67806
EUVD-2025-20916601.04.2026, 16:23
The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration
- CWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
- CWE-204 - Observable Response DiscrepancyThe product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.