H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification

Severity: Medium
Date: December 30, 2025
Affected: H3C SSL VPN 1.1
CVE: CVE-2022-50800
CWE: CWE-203 Observable Discrepancy
CVSS: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
References:
  ExploitDB-50742
  H3C Official Product Homepage
  Zero Science Lab Disclosure (ZSL-2022-5697)
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab

Description: H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the endpoint and analyze response messages to distinguish between existing and non-existing accounts.
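Detection sketch for the behaviour described above, added here as an example and not taken from the advisory or from H3C: it flags any source that submits many distinct 'txtUsrName' values in a short window. The log layout (timestamp, source IP, URL-encoded POST body as a proxy or WAF in front of the portal might record it), the `other` field, the sample records and the window and threshold values are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed sample records, not from a real device. Assumed layout:
# ISO timestamp, source IP, URL-encoded POST body. "other" is a placeholder.
SAMPLE_LOG = """\
2025-12-30T10:00:01 198.51.100.7 txtUsrName=alice&other=x
2025-12-30T10:00:03 198.51.100.7 txtUsrName=bob&other=x
2025-12-30T10:00:05 203.0.113.20 txtUsrName=jsmith&other=x
2025-12-30T10:00:06 198.51.100.7 txtUsrName=carol&other=x
2025-12-30T10:00:09 198.51.100.7 txtUsrName=dave&other=x
2025-12-30T10:00:12 203.0.113.20 txtUsrName=jsmith&other=x
2025-12-30T10:00:14 198.51.100.7 txtUsrName=erin&other=x
2025-12-30T10:00:20 198.51.100.7 txtUsrName=frank&other=x
2025-12-30T10:01:00 203.0.113.20 txtUsrName=JSmith&other=x
malformed line
"""


def detect_enumeration(log_text, window=timedelta(minutes=5), threshold=5):
    """Return {source_ip: usernames} for sources that submitted at least
    `threshold` distinct txtUsrName values within `window`."""
    recent = defaultdict(deque)  # source_ip -> (timestamp, username) pairs
    flagged = {}
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed layout
        ts_raw, ip, body = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue
        names = parse_qs(body, keep_blank_values=True).get("txtUsrName")
        if not names:
            continue
        attempts = recent[ip]
        # Normalise case so retries of one account do not look like many.
        attempts.append((ts, names[0].strip().lower()))
        while ts - attempts[0][0] > window:
            attempts.popleft()  # drop attempts older than the window
        distinct = {user for _, user in attempts}
        if len(distinct) >= threshold:
            flagged.setdefault(ip, set()).update(distinct)
    return flagged


if __name__ == "__main__":
    for ip, users in detect_enumeration(SAMPLE_LOG).items():
        print(ip, sorted(users))
```

Repeated attempts against a single account, as from 203.0.113.20 in the sample, stay below the threshold because only distinct usernames are counted.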