2017-08-28 19:00:00
mitre
PUBLISHED
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that dont exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.