2022-03-03 18:20:21
Fluid Attacks
PUBLISHED
CyberArk Identity versions up to and including 22.1 in the StartAuthentication resource, exposes the response header X-CFY-TX-TM. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.