Squiz Matrix User Account Enumeration Information Disclosure Vulnerability
BID:51016
Info
Squiz Matrix User Account Enumeration Information Disclosure Vulnerability
| Bugtraq ID: | 51016 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 12 2011 12:00AM |
| Updated: | Dec 12 2011 12:00AM |
| Credit: | Troy Rose |
| Vulnerable: |
Squiz Squiz Matrix 4.6 Squiz Squiz Matrix 4.4.4 |
| Not Vulnerable: |
Squiz Squiz Matrix 4.6.1 Squiz Squiz Matrix 4.4.5 |
Discussion
Squiz Matrix User Account Enumeration Information Disclosure Vulnerability
Squiz Matrix is prone to an information-disclosure vulnerability.
Successfully exploiting this issue may allow attackers to enumerate the user names of system accounts. Information obtained may aid in further attacks.
Squiz Matrix 4.4.4 and 4.6.0 are vulnerable; other versions may also be affected.
Squiz Matrix is prone to an information-disclosure vulnerability.
Successfully exploiting this issue may allow attackers to enumerate the user names of system accounts. Information obtained may aid in further attacks.
Squiz Matrix 4.4.4 and 4.6.0 are vulnerable; other versions may also be affected.
Exploit / POC
Squiz Matrix User Account Enumeration Information Disclosure Vulnerability
Attacker can exploit this issue using a browser.
Attacker can exploit this issue using a browser.
Solution / Fix
Squiz Matrix User Account Enumeration Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Squiz Matrix User Account Enumeration Information Disclosure Vulnerability
References:
References:
- Squiz Matrix - User Account Enumeration (Troy Rose)
- Squiz Matrix Homepage (squiz)
- OSI Security: Squiz Matrix - User Account Enumeration (Troy Rose)