6 matches found
CVE-2022-50800
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...
CVE-2022-50800 H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...
CVE-2022-50800 H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...
CVE-2022-50800
The CVE-2022-50800 entry concerns H3C SSL VPN, where the login_submit.cgi endpoint’s txtUsrName POST parameter enables user enumeration. Attackers can submit multiple usernames and compare response messages to distinguish existing vs. non-existing accounts, indicating a confidentiality impact and...
H3C SSL VPN 安全漏洞
H3C SSL VPN is a secure session layer VPN from China's Xinhua San H3C. A security vulnerability exists in H3C SSL VPN that stems from a user enumeration vulnerability in the txtUsrName POST parameter, which could lead to the identification of a valid username...
PT-2025-54247
Name of the Vulnerable Software and Affected Versions H3C SSL VPN affected versions not specified Description The software contains a user enumeration issue. An attacker can identify valid usernames by submitting different usernames to the /login submit.cgi API endpoint via the txtUsrName POST...