Windows Username Disclosure

Summary

Netsparker identified a Windows username disclosure in the error message.

Impact

An attacker can perform brute-force or dictionary-based password guessing on the disclosed username. It may also help the attacker identify other vulnerabilities or further their exploitation of other identified vulnerabilities.

Remediation

Error messages should be disabled.
Remove this kind of sensitive data from the output.

Classifications

PCI v3.1-6.5.5, PCI v3.2-6.5.5, CAPEC-118, WASC-13

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Critical
High
Medium
Low
Information

Search Vulnerability

Related Vulnerabilities

Source Code Disclosure (ASP.NET)
Source Code Disclosure (ColdFusion)
Stack Trace Disclosure (ASP.NET)
Version Disclosure (Apache)
Version Disclosure (Perl)

;

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

Windows Username Disclosure

NETSPARKER

USE CASES

WEB SECURITY

COMPANY

Netsparker Ltd