Description

Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request.

Remediation

References

CVE-2025-43754

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-1894)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-5734)

MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50092)

Oracle Database Server CVE-2007-2114 Vulnerability (CVE-2007-2114)

WordPress Plugin Social Slider Widget Cross-Site Scripting (1.8.4)

Severity

Medium

Classification

CVE-2025-43754 CWE-208 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities