CNNVD-202509-4124 Information

CNNVD ID

CNNVD-202509-4124

Related CVE

CVE-2025-1396

• CNNVD Published: 2025-09-26

Description (Chinese)

WSO2 Identity Server（IS）是美国WSO2公司的一款身份认证服务器。 WSO2 Identity Server存在安全漏洞，该漏洞源于启用Multi-Attribute Login时返回特定错误消息，可能导致用户名枚举攻击。

Description (English)

WO2 Infrastructure Server (IS) is an identification server for WSO2 in the United States. There is a security loophole in WO2 Health Server, which originates from the return of specific error messages when using Multi-Attribute Login, which could lead to an attack by name.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

WSO2

Published

2025-09-26

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3983/ https://access.redhat.com/security/cve/cve-2025-1396

Patch

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-3992/