QwikSec

Security Database

CVE

CWE

Training

CVE-2017-8055

Published: Apr 22, 2017

Modified: Sep 16, 2024

PUBLISHED

Description

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.sidertia.com/Home/Community/Blog/2017/04/17/Fixed-the-Fireware-Vulnerabilities-discovered-by-Sidertia

x_refsource_MISC

https://packetstormsecurity.com/files/142177/watchguardfbxtm-xxeinject.txt

x_refsource_MISC

http://watchguardsupport.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000KlGSAU

x_refsource_MISC

https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.