CVE-2022-0564 in Sense Enterprise
Summary
by MITRE • 02/21/2022
A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.
Analysis
by VulDB Data Team • 03/29/2026
This vulnerability resides in Qlik Sense Enterprise on Windows and lets a remote attacker enumerate domain user accounts through timing analysis. It only affects deployments that have LDAP (Lightweight Directory Access Protocol) configured, which in practice covers most enterprise installations integrated with Active Directory. The attacker sends requests that reference different account names and measures how long the server takes to answer: because processing time depends on whether the named account exists in the directory, the response time separates valid accounts from invalid ones even when the response body is identical in both cases. This is a timing side channel, in which the attacker infers a secret (account existence) from observable behaviour rather than from any data the system returns.
Technically, the weakness is inconsistent response timing in the code path that resolves user identities against LDAP. MITRE's description does not state which direction the discrepancy runs, but the usual pattern is that an existing name triggers further work (a directory search, attribute or group resolution) while a non-existent name is rejected early, so one class of account answers measurably faster than the other. Network jitter is averaged out by repeating each probe and comparing medians, so the enumeration is straightforward to automate. Note that the probing requests are authenticated: the attacker needs some valid session on the system and uses it to test for other accounts. The defect is not one of input validation, since the inputs are well-formed; it is an observable discrepancy in processing time, which aligns with CWE-204 (Observable Response Discrepancy) and, more specifically, CWE-208 (Observable Timing Discrepancy), both children of CWE-203 (Observable Discrepancy).
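The mechanism above, as an added example. This is a Python simulation written for this page, not Qlik's code and not an exploit against Qlik Sense: `vulnerable_handler` models a lookup that only costs time when the account exists, `hardened_handler` shows the fix by padding every response to a fixed deadline, and `enumerate_accounts` is the attacker-side measurement that tells the two apart. The directory contents, the cost constants and all function names are constructed for illustration.

```python
import statistics
import time
import uuid

# Constructed stand-in for an LDAP-backed account lookup. The directory and
# the costs below are sample values, not Qlik or Active Directory state.
DIRECTORY = {"alice", "bob", "svc_qlik"}
LOOKUP_COST = 0.020   # simulated cost of the directory round trip for a known account (seconds)
DEADLINE = 0.050      # fixed response budget used by the hardened handler (seconds)


def _directory_lookup(username: str) -> bool:
    """Simulate a directory search that only does real work when the account exists."""
    if username not in DIRECTORY:
        return False                    # fast path: unknown name, nothing to resolve
    time.sleep(LOOKUP_COST)             # attribute fetch, group resolution, etc.
    return True


def vulnerable_handler(username: str) -> str:
    """Same response body either way, so only the elapsed time leaks the result."""
    _directory_lookup(username)
    return "access denied"


def hardened_handler(username: str) -> str:
    """Pad every response to DEADLINE so timing no longer depends on the lookup result."""
    start = time.perf_counter()
    _directory_lookup(username)
    remaining = DEADLINE - (time.perf_counter() - start)
    if remaining > 0:
        time.sleep(remaining)
    return "access denied"


def median_latency(handler, username: str, samples: int = 5) -> float:
    """Attacker-side probe: median wall-clock time of `samples` identical requests."""
    timings = []
    for _ in range(samples):
        t0 = time.perf_counter()
        handler(username)
        timings.append(time.perf_counter() - t0)
    return statistics.median(timings)


def enumerate_accounts(handler, candidates, margin: float = 0.010) -> set:
    """Flag a candidate as valid when it answers measurably slower than a
    baseline name that is known not to exist (a random suffix guarantees that)."""
    baseline = median_latency(handler, "nx-" + uuid.uuid4().hex)
    return {u for u in candidates if median_latency(handler, u) - baseline > margin}


if __name__ == "__main__":
    wordlist = ["alice", "mallory", "svc_qlik", "carol"]
    print("vulnerable:", sorted(enumerate_accounts(vulnerable_handler, wordlist)))
    print("hardened:  ", sorted(enumerate_accounts(hardened_handler, wordlist)))
```

Against `vulnerable_handler` the probe recovers exactly the names that exist in the constructed directory; against `hardened_handler` every name answers in roughly `DEADLINE` and the classifier returns nothing. Padding to a deadline is the simplest constant-time strategy; it costs latency on every request, which is the trade-off the vendor has to make in the real code path.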
The operational impact goes beyond the enumeration itself. A confirmed list of valid domain accounts is the input for password spraying (a few common passwords tried against many accounts, staying under lockout thresholds), targeted brute force, and more convincing phishing and social engineering. Because the accounts are domain identities rather than local Qlik users, they can be reused against any other service that authenticates to the same directory, so the blast radius is the Active Directory domain, not just the business intelligence platform. Qlik Sense deployments also hold sensitive organisational data and often sit on internal networks with broad reachability, which makes them attractive pivot points. The LDAP prerequisite narrows the affected population only slightly, since directory integration is the norm in enterprise deployments.
The proper fix is the vendor's: the affected code path must take the same time whether or not the account exists, and that is what the official Qlik releases addressing this CVE deliver, so patching is the primary mitigation. There is no administrator setting that makes an unpatched instance constant-time. Until a system is patched, the exposure can be reduced rather than removed. Since exploitation requires authenticated requests, restrict which accounts can reach the affected functionality. Rate-limit per source and per session at the reverse proxy or web application firewall in front of the Qlik proxy, so that the repeated probes needed to average out network jitter become slow and conspicuous, and watch logs for a single source referencing many distinct user names in a short window. Account lockout policies do not stop enumeration, because no password is being tested, but they and multi-factor authentication on the domain blunt the password spraying that typically follows. More generally, the CVE is a reminder that authentication and identity lookup paths need to be tested for timing consistency as well as for what they return.
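Detection of the enumeration pattern described above, as an added example written for this page. The log layout, the sample lines and the thresholds are constructed for illustration and do not reflect Qlik's actual audit or proxy log format; the approach applies to any log that records which account each authenticated request referenced. It flags a source that references an unusually large number of distinct target accounts inside a sliding window, which is what a timing-enumeration run looks like from the server side regardless of what each individual request returned.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in a generic "timestamp source requester target" layout.
# Not Qlik's log format: it stands in for whatever log records the account
# that each authenticated request referenced.
SAMPLE_LOG = "\n".join(
    [f"2022-02-21T10:00:{i:02d}Z 10.1.2.3 svc_probe {name}"    # one source walking a wordlist
     for i, name in enumerate(["alice", "bob", "carol", "dave", "erin", "frank",
                               "grace", "heidi", "ivan", "judy", "mallory", "oscar"])]
    + ["2022-02-21T10:01:00Z 10.9.9.9 alice alice",            # ordinary self-referencing traffic
       "2022-02-21T10:02:30Z 10.9.9.9 alice alice",
       "2022-02-21T10:03:10Z 10.9.9.8 bob bob"]
)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_events(log_text):
    """Yield (timestamp, source, target_account) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                   # ignore blank or malformed lines
        ts, source, _requester, target = m.groups()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), source, target


def find_enumeration(log_text, window=timedelta(minutes=5), threshold=10):
    """Return {source: peak_distinct_targets} for every source that referenced
    at least `threshold` distinct accounts within some span of length `window`."""
    by_source = defaultdict(list)
    for ts, source, target in parse_events(log_text):
        by_source[source].append((ts, target))

    flagged = {}
    for source, events in by_source.items():
        events.sort()                                  # chronological order per source
        in_window = Counter()                          # target -> occurrences inside the window
        start = 0
        for ts, target in events:
            in_window[target] += 1
            while ts - events[start][0] > window:      # slide the left edge forward
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                flagged[source] = max(flagged.get(source, 0), len(in_window))
    return flagged


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

On the constructed sample the probing source is flagged with 12 distinct targets and the two ordinary sources are not. The threshold and window are deployment-specific: a help-desk or provisioning account legitimately touches many users, so tune per source role or exempt known service accounts rather than lowering the threshold globally.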