User Enumeration Vulnerability in OSNEXUS QuantaStor v4 Virtual Appliance
CVE-2017-9978 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
Learn more about our User Device Pen Test.