CVE-2019-25338

MEDIUM5.3EPSS 0.05%

Published: 2/12/2026Modified: 4/27/2026

Also known as:DEBIAN-CVE-2019-25338

Description

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.

Affected packages (2)

Debian/dokuwikifrom 0
PyPI/dokuwikifrom 0, <= 2018-04-22b

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (5)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-25338
ADVISORYhttps://www.vulncheck.com/advisories/dokuwiki-b-username-enumeration
EXPLOIThttps://www.exploit-db.com/exploits/47731
WEBhttps://download.dokuwiki.org/
WEBhttps://www.dokuwiki.org/dokuwiki