mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
812 B
812 B
CVE-2015-7680
Description
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.
POC
Reference
- http://packetstormsecurity.com/files/135462/Ipswitch-MOVEit-DMZ-8.1-Information-Disclosure.html
- https://profundis-labs.com/advisories/CVE-2015-7680.txt
Github
No PoCs found on GitHub currently.