Описание
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-203
Связанные уязвимости
CVSS3: 7.5
github
около 1 месяца назад
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
EPSS
Процентиль: 13%
0.00044
Низкий
7.5 High
CVSS3
Дефекты
CWE-203