PT-2006-3318 · Ipswitch · Ipswitch Whatsup Professional 2006+1

Published

2006-05-15

Updated

2017-07-20

CVE-2006-2354

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ipswitch WhatsUp Professional 2006 Ipswitch WhatsUp Professional 2006 Premium

Description The issue allows remote attackers to enumerate valid usernames by generating different error messages.

Recommendations For Ipswitch WhatsUp Professional 2006, restrict access to the NmConsole/Login.asp page to minimize the risk of exploitation. For Ipswitch WhatsUp Professional 2006 Premium, restrict access to the NmConsole/Login.asp page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2354

Affected Products

Ipswitch Whatsup Professional 2006

Ipswitch Whatsup Professional 2006 Premium

PT-2006-3318 · Ipswitch · Ipswitch Whatsup Professional 2006+1

CVE-2006-2354

Related Identifiers

Affected Products

References · 4