User Enumeration Vulnerability in OSNEXUS QuantaStor v4 Virtual Appliance

User Enumeration Vulnerability in OSNEXUS QuantaStor v4 Virtual Appliance

CVE-2017-9978 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.

Learn more about our User Device Pen Test.