AMI MegaRAC User Enumeration Vulnerability

AMI MegaRAC allows attackers to discover valid usernames on the system through an enumeration vulnerability. This matters because it reduces the effort needed to launch targeted attacks, making the system easier to compromise.

A user enumeration flaw in AMI MegaRAC permits unauthenticated attackers to enumerate valid user accounts through differential response analysis. This information disclosure (CWE-200) lowers the attack surface complexity for subsequent credential-based attacks against known accounts.