McAfee LinuxShield Login Username Enumeration

medium Nessus Plugin ID 44986

Synopsis

The remote host has a web application that leaks information.

Description

McAfee LinuxShield is installed on the remote host.

The installed version of this software fails to respond with consistent error messages when a user attempts to login with existing and non-existing accounts.

A remote, unauthenticated attacker may exploit this vulnerability to enumerate valid users for the remote web application.

Solution

Unknown at this time.

See Also

https://seclists.org/bugtraq/2010/Mar/28

Plugin Details

Severity: Medium

ID: 44986

File Name: mcafee_linuxshield_user_enumeration.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 3/4/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:mcafee:linuxshield

Required KB Items: www/apache

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Patch Publication Date: 3/2/2010

Vulnerability Publication Date: 3/3/2010