CVE-2025-6056

Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.

CVSS

No CVSS.

References

Link	Resource
https://www.redguard.ch/blog/2025/07/04/cve-2025-6056-airlock-iam-username-enumeration/

Configurations

No configuration.

History

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) La diferencia de tiempo en el restablecimiento de contraseña en Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 y 8.3.1 de Ergon Informatik AG permite a atacantes no autenticados enumerar nombres de usuario.

04 Jul 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-04 12:15

Updated : 2025-07-08 16:18

NVD link : CVE-2025-6056

Mitre link : CVE-2025-6056

CVE.ORG link : CVE-2025-6056

JSON object : View

Products Affected

No product.

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2025-6056", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-04T12:15:35.407", "references": [{"url": "https://www.redguard.ch/blog/2025/07/04/cve-2025-6056-airlock-iam-username-enumeration/", "source": "vulnerability@ncsc.ch"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames."}, {"lang": "es", "value": "La diferencia de tiempo en el restablecimiento de contrase\u00f1a en Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 y 8.3.1 de Ergon Informatik AG permite a atacantes no autenticados enumerar nombres de usuario."}], "lastModified": "2025-07-08T16:18:53.607", "sourceIdentifier": "vulnerability@ncsc.ch"}

CVE-2025-6056

JSON object

Attach tags to CVE-2025-6056

Attach tags to `CVE-2025-6056`