CVE-2017-9978

Name of the Vulnerable Software and Affected Versions OSNEXUS QuantaStor versions prior to 4.3.1

Description A flaw was found in the error message sent as a response for non-existent users on the system. This could allow an attacker to enumerate valid accounts by searching for common usernames.

Recommendations For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the error message response to minimize the risk of exploitation.