CVE-2012-6452
Axway Secure Messenger < 6.5 Updated Release 7 - User Enumeration via Authentication Response Timing
Title source: llmDescription
Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/57457
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/81388
Scores
EPSS
0.0146
EPSS Percentile
70.3%
Details
CWE
CWE-287
Status
published
Products (3)
axway/email_firewall
axway/secure_messenger
6.3.2
axway/secure_messenger
< 6.5.0
Published
May 27, 2014
Tracked Since
Feb 18, 2026