The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administra

Description

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.

Affected Products

Vendor	Product	Versions
Sage	DPW	2021_06_004

References

Related News (1 articles)

Tier C

VulDB9h ago

CVE-2025-67806 | Sage DPW 2021_06_004 response discrepancy

→ No new info (linked only)

CVSS 3.13.7 LOW

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 1, 2026

Last enriched4h agov2

Trending Score20

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Version History

Last enriched 4h ago

v2Tier C4h ago

Added vendor and product information, updated severity to MEDIUM, and clarified that no exploit exists.

vendorproductaffectedVersions

via VulDB

v16h ago

Initial creation

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administra

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (1)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History