CVE-2025-6056

Summary

Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.

Affected Software

VendorProductVersion RangeStatus
Ergon Informatik AGAirlock IAM7.7.9 <= 7.7.10affected
Ergon Informatik AGAirlock IAM8.0.8affected
Ergon Informatik AGAirlock IAM8.1.7affected
Ergon Informatik AGAirlock IAM8.2.4affected
Ergon Informatik AGAirlock IAM8.3.1affected
Ergon Informatik AGAirlock IAM8.4.1unaffected

Weaknesses

  • CWE-203: CWE-203 Observable Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References