CVE-2012-6452

EUVD-2012-6305
Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
axwayemail_firewall
-
axwaysecure_messenger
𝑥
≤ 6.5.0
axwaysecure_messenger
6.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html
http://www.securityfocus.com/bid/57457
https://exchange.xforce.ibmcloud.com/vulnerabilities/81388
http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html
http://www.securityfocus.com/bid/57457
https://exchange.xforce.ibmcloud.com/vulnerabilities/81388