Description
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2018-11
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041431
Scores
CVSS v3
8.8
EPSS
0.0040
EPSS Percentile
60.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
tenable/securitycenter
< 5.7.0
Published
Aug 02, 2018
Tracked Since
Feb 18, 2026