On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Aug/23 | Exploit Mailing List Third Party Advisory |
http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt | Exploit Third Party Advisory URL Repurposed |
https://www.exploit-db.com/exploits/42517/ | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Aug/23 | Exploit Mailing List Third Party Advisory |
http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt | Exploit Third Party Advisory URL Repurposed |
https://www.exploit-db.com/exploits/42517/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 03:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2017/Aug/23 - Exploit, Mailing List, Third Party Advisory | |
References | () http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt - Exploit, Third Party Advisory, URL Repurposed | |
References | () https://www.exploit-db.com/exploits/42517/ - Exploit, Third Party Advisory, VDB Entry |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt - Exploit, Third Party Advisory, URL Repurposed |
Information
Published : 2017-08-28 19:29
Updated : 2024-11-21 03:37
NVD link : CVE-2017-9978
Mitre link : CVE-2017-9978
CVE.ORG link : CVE-2017-9978
JSON object : View
Products Affected
osnexus
- quantastor
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor