← back
CVE-2017-9978

CVE-2017-9978

EPSS 4.7%
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.htmlunverifiedcve_referencewww.exploit-db.com/exploits/42517/unverifiedexploitdbwww.exploit-db.com/exploits/42517unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2017/Aug/23https://www.exploit-db.com/exploits/42517/http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt