CVE-2017-8055

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware versions prior to v11.12.2

Description The issue allows user enumeration, for example, in the Firebox XML-RPC login handler. A login request with a blank password sent to the XML-RPC agent returns different responses for valid and invalid usernames. This could be exploited to enumerate valid usernames on an affected Firebox.

Recommendations For versions prior to v11.12.2, update to a version that contains a fix for this issue to prevent user enumeration. As a temporary workaround, consider restricting access to the XML-RPC login handler to minimize the risk of exploitation.