The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
CVE-2021-45901 (ServiceNow - Username Enumeration)
PoC Code
enumSNOWUserspy - SNOW User Enumerator
Title
Username Enumeration Vulnerability found in ServiceNow Application
Published: Version: 10
Vendor: ServiceNow
Product: ServiceNow (wwwservicenowcom/)
Version affected: Orlando (glide-orlando-12-11-2019__patch5-06-17-2020)
Product description:
ServiceNow is an A