CST-7145 User enumeration via forget password

Description

In Liferay Portal 7.1.3 and possibly earlier unsupported versions, it is possible to enumerate the users in the portal through the forget password functionality.

Severity

Severity 2

Fixed Version(s)

Publication date: Thu, 05 Mar 2020 07:35:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historical advisories are available in the Help Center.