CVE-2026-20195

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

CVE-2023-5872

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

PT-2026-33255

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

CVE-1999-0656

The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names...

EUVD-1999-0639

Malware in sbrugna...

EUVD-2020-18692

Malware in sbrugna...

CVE-2025-0163

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts...

CVE-2025-0163 IBM Security Verify Access information disclosure

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts...

CVE-2024-35114 IBM Control Center information disclosure

IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts...

CVE-2023-27283

IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545...

IBM Common Licensing 安全漏洞

IBM Common Licensing is a license management solution from International Business Machines IBM. A user enumeration vulnerability exists in IBM Common Licensing version 9.0, which stems from an observable response discrepancy that can be exploited by a local attacker to enumerate usernames...

CVE-2022-26656

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join...

Code injection

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join...

Security Bulletin: Novalink Vulnerability to allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. (CVE-2021-29842)

Summary Novalink uses WebSphere Application Server Liberty. Which could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. Vulnerability Details CVEID: CVE-2021-29842 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 a...

Default credentials

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier...

Buffer overflow

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568...

Security Bulletin: Access Control Vulnerability Affects IBM Sterling File Gateway (CVE-2021-20376)

Summary IBM Sterling File Gateway has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2021-20376 DESCRIPTION: IBM Sterling File Gateway could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. CVSS Base...

CVE-2020-11625

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate wheth...

CVE-2008-3903

Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreje...

Authentication flaw

Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used...