Lucene search
MitreCVELIST:CVE-2017-8055HistoryApr 22, 2017 - 10:00 p.m.
CVE-2017-8055
2017-04-2222:00:00
mitre
www.cve.org
3
watchguard fireware
user enumeration
xml-rpc
login handler
fireware v11.12.1
vulnerability
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.
References
watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU
packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt
www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia
www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html
Related
prion
prion
Design/Logic Flaw
2017-04-22 22:59:00
nvd
nvd
CVE-2017-8055
2017-04-22 22:59:00
cve
cve
CVE-2017-8055
2017-04-22 22:59:00