CVE-2025-3092

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint...

CVE-2024-20388

A vulnerability in the password change feature of Cisco Firepower Management Center FMC software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker coul...

PT-2022-27084 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions 0.5.3 and earlier Description: The issue allows remote attackers to identify valid user account names by leveraging response timings for authentication attempts. Recommendations: For PwnDoc versions 0.5.3 and earlier, at the...

tomcat: timing attack in Realm implementation

The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder...

CVE-2013-3977

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names...

ProFTPd 1.2.10 - Remote Users Enumeration

ProFTPd 1.2.10 - Remote Users Enumeration / Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis...