On the OSNEXUS QuantaStor v4 virtual appliance prior to 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
osnexus quantastor |