CVE-2017-9978

On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
References
Link Resource
http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2017/Aug/23 Exploit Mailing List Third Party Advisory
http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Exploit Third Party Advisory URL Repurposed
https://www.exploit-db.com/exploits/42517/ Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2017/Aug/23 Exploit Mailing List Third Party Advisory
http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Exploit Third Party Advisory URL Repurposed
https://www.exploit-db.com/exploits/42517/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:37

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2017/Aug/23 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2017/Aug/23 - Exploit, Mailing List, Third Party Advisory
References () http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt - Exploit, Third Party Advisory, URL Repurposed () http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt - Exploit, Third Party Advisory, URL Repurposed
References () https://www.exploit-db.com/exploits/42517/ - Exploit, Third Party Advisory, VDB Entry () https://www.exploit-db.com/exploits/42517/ - Exploit, Third Party Advisory, VDB Entry

14 Feb 2024, 01:17

Type Values Removed Values Added
References (MISC) http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt - Exploit, Third Party Advisory (MISC) http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt - Exploit, Third Party Advisory, URL Repurposed

Information

Published : 2017-08-28 19:29

Updated : 2024-11-21 03:37


NVD link : CVE-2017-9978

Mitre link : CVE-2017-9978

CVE.ORG link : CVE-2017-9978


JSON object : View

Products Affected

osnexus

  • quantastor
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor