Information Disclosure: Username Leakage in WorkforceROI Xpede 4.1

Information Disclosure: Username Leakage in WorkforceROI Xpede 4.1

CVE-2002-0580 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.

Learn more about our User Device Pen Test.