From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Name: Users enumeration allowed through Rest API
2. Severity: High (7.5/10)
3. Publisher: BenGrenoble
4. Vulnerability ID: GHSA-2hmf-p27w-phf9
5. Release Date: 4 days ago
6. Affected Versions:
   - < 2.7.11
   - < 3.0.5
   - < 3.1.2
   - < 3.2.0
7. Fixed Versions:
   - 2.7.11
   - 3.0.5
   - 3.1.2
   - 3.2.0
8. Description:
   - An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account.
9. Impact:
   - An unauthenticated user can perform user enumeration, which can make it easier to brute-force a valid account.
10. Patch:
   - The message displayed after resetting a password no longer indicates whether the user exists or not.
11. Workaround:
   - Override the dictionary entry "UI:ResetPwd-Error-WrongLogin" via an extension and replace it with a generic message.
12. References:
   - Combodo N°7448
13. Credits:
   - Huge thanks to @warty-syn for reporting this.
14. More Information:
   - Email us at itop-security@combodo.com

This information helps in understanding the nature of the vulnerability, its scope of impact, and how to fix it or work around it.
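
A sketch of the workaround in item 11, as an added example that is not Combodo's code and is not taken from the advisory: a dictionary file shipped in an extension that replaces "UI:ResetPwd-Error-WrongLogin" with wording that says nothing about whether the account exists. It assumes the product is iTop (suggested by the contact address) and uses its `Dict::Add()` dictionary API; the module name `sample-generic-resetpwd`, the file names and both message texts are hypothetical.

```php
<?php
// Added example (not Combodo's code).
// Assumed location: extensions/sample-generic-resetpwd/en.dict.sample-generic-resetpwd.php
// "sample-generic-resetpwd" is a hypothetical extension module; it must be
// installed through the setup so that its dictionary is loaded after the
// core one and its entries take precedence.

// English: the replacement text is constructed for this example. It must not
// reveal whether the submitted login matched an existing account.
Dict::Add('EN US', 'English', 'English', array(
    'UI:ResetPwd-Error-WrongLogin' =>
        'If this account exists, an email with reset instructions has been sent.',
));

// The entry exists once per language, so every language enabled on the
// instance needs the same override; otherwise users of another locale still
// get the revealing message. Conventionally this call lives in its own file,
// e.g. fr.dict.sample-generic-resetpwd.php (hypothetical name).
Dict::Add('FR FR', 'French', 'Français', array(
    'UI:ResetPwd-Error-WrongLogin' =>
        'Si ce compte existe, un e-mail contenant les instructions de réinitialisation a été envoyé.',
));
```

For the override to be effective, the replacement text should read the same as what the page shows after a successful reset request, which the advisory does not quote. Upgrading to a fixed version from item 7 makes the override unnecessary.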