QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34155

Published: Oct 23, 2025

Modified: May 14, 2026

PUBLISHED

Description

Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can facilitate user enumeration and increase the likelihood of targeted brute-force or credential-stuffing attacks.

Vendor	Product	Versions
Tibbo Systems	AggreGate Network Manager	affected `0 - < 6.40.05`

Weaknesses (CWE)

References

https://aggregate.digital/downloads.html

patch

https://aggregate.digital/products/network-manager.html

product

https://www.vulncheck.com/advisories/tibbo-aggregate-network-manager-login-functionality-user-enumeration

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.