Unauthenticated Enumeration of Ancillary Credentials in WhatsUp Gold

Unauthenticated Enumeration of Ancillary Credentials in WhatsUp Gold

CVE-2023-6595 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.

Learn more about our Api Penetration Testing.