Username Enumeration Vulnerability in Hosting Controller 1.1 through 1.4.1

Username Enumeration Vulnerability in Hosting Controller 1.1 through 1.4.1

CVE-2002-0212 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.

Learn more about our User Device Pen Test.