Username Enumeration Vulnerability in Accellion FTP Server (Prior to Version FTA_9_12_220)

Username Enumeration Vulnerability in Accellion FTP Server (Prior to Version FTA_9_12_220)

CVE-2016-9499 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.

Learn more about our Cis Benchmark Audit For Server Software.