Websense TRITON AP-WEB prior to 8.0.0 allows remote malicious users to enumerate Windows domain user accounts via vectors related to HTTP authentication.
websense triton ap web