2022-06-13 08:01:04
OTRS
PUBLISHED
Attacker is able to determine if the provided username exists (and its valid) using Request New Password feature, based on the response time.