-
### Template Information
Version 9.0 and below of ManageEngine ServiceDesk allow an unauthenticated attacker to request the “AJaxDomainServlet” script to enumerate arbitrary usernames and domains. …
-
Similar to #18 but a lot more annoying to solve as we store access in the DB keyed off the userid incase the user changes their email address.
-
Use case: IDS user wants to define discrete values for length-based properties.
Possible definition in IDS with enumeration (given example with property thickness and datatype IfcLengthMeasurement…
-
`The priority of the notification. If you omit this header, APNs sets the notification priority to 10.
Specify 10 to send the notification immediately.
Specify 5 to send the notification based o…
-
### Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's [Code of Conduct](https://github.com/ory/kratos/blob/ma…
-
### Before reporting an issue
- [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
### Area
l…
-
**Describe the bug**
Attempt to login with an address that isn't registered will indicate that the account is not registered (i.e. "there is no user with this address").
**To Reproduce**
Input `t…
-
When adding a new staff member to an issuer it responses allows to determine if an user exists or not.
-
**Describe the bug**
Unauthenticated User Enumeration
**To Reproduce**
Try to login with a dud password for any number of usernames. The system will tell you:
1) if the account does not exist s…
-
### Description
## Forgotten password
This should really just say “Password reset link is sent to the email supplied” regardless the email being found or not
We should show this in any case:
…