CVE-2020-26062

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (affected versions not specified)

Description The issue is related to information disclosure through inconsistency. It may allow a remote attacker to determine all existing usernames. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this by sending authentication requests to the affected application, potentially confirming the names of administrative user accounts for use in further attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.