VYPR

Maven package

org.wso2.carbon.identity.framework/org.wso2.carbon.identity.input.validation.mgt

pkg:maven/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.input.validation.mgt

Vulnerabilities (1)

  • CVE-2025-1396Sep 26, 2025
    affected <= 7.8.103

    A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validate_username setting. This behavior allo