Unrated severity · OSV Advisory · Published Dec 18, 2025 · Updated Apr 7, 2026

GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint

CVE-2023-53943

Description

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.


Affected products

  • Glpi Project/Glpi · OSV · 2 versions
    0.90, 0.90-RC1, 0.90-RC2, … + 1 more
    • (no CPE) range: 0.90, 0.90-RC1, 0.90-RC2, …
    • (no CPE) range: 9.5.7
