N/A

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.

N/A

N/A

WatchGuard Fireware 安全漏洞

WatchGuard Fireware XTM是美国WatchGuard公司的一款防火墙设备，该设备可通过智能分层技术提供入侵防护、垃圾病毒邮件过滤、SSL VPN等。WatchGuard Fireware是其中的固件。 WatchGuard Fireware 11.12.1及之前的版本中存在安全漏洞。攻击者可利用该漏洞枚举有效的用户名。

N/A

N/A