PT-2006-3318 · Ipswitch · Ipswitch Whatsup Professional 2006+1

Publicado

2006-05-15

Atualizado

2017-07-20

CVE-2006-2354

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Professional 2006 Ipswitch WhatsUp Professional 2006 Premium

Description The issue allows remote attackers to enumerate valid usernames by generating different error messages.

Recommendations For Ipswitch WhatsUp Professional 2006, restrict access to the NmConsole/Login.asp page to minimize the risk of exploitation. For Ipswitch WhatsUp Professional 2006 Premium, restrict access to the NmConsole/Login.asp page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2354

Produtos afetados

Ipswitch Whatsup Professional 2006

Ipswitch Whatsup Professional 2006 Premium

PT-2006-3318 · Ipswitch · Ipswitch Whatsup Professional 2006+1

CVE-2006-2354

Identificadores relacionados

Produtos afetados

Referências · 4