CVE-2019-25338
Username Enumeration in DokuWiki Password Reset Function Allows Account Disclosure
Publication date: 2026-02-12
Last updated on: 2026-03-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dokuwiki | dokuwiki | 2018-04-22b |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-204 | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in DokuWiki 2018-04-22b and involves the password reset functionality. It allows attackers to perform username enumeration by submitting different usernames to the password reset endpoint. By analyzing the server's error response messages, attackers can determine which usernames correspond to valid user accounts.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to identify valid usernames on your DokuWiki installation. This information can be used to facilitate further attacks, such as targeted phishing, brute force attacks, or social engineering, potentially compromising user accounts or system security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know