CVE-2016-5797

2016-07-1516:00:00

icscert

www.cve.org

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.

References

www.securityfocus.com/bid/91728

ics-cert.us-cert.gov/advisories/ICSA-16-194-01