Windows Username Disclosure

CVE: CVE-2003-0083, CVE-2003-0134, CVE-2003-0189, CVE-2003-0245
CWE: CWE-20

Summary

Netsparker identified a Windows Username Disclosure in the error message.

Impact

An attacker can perform brute-force or dictionary-based password guessing on the disclosed username. It may also help the attacker identify other vulnerabilities or further their exploitation of other identified vulnerabilities.

Remediation

Error messages should be disabled.
Remove this kind of sensitive data from the output.

Classifications

PCI v3.2-, CAPEC-118, WASC-13, OWASP 2013-A6, OWASP 2017-A3