Information Disclosure: Username Enumeration in WebEOC Login Page

Information Disclosure: Username Enumeration in WebEOC Login Page

CVE-2005-4029 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods.

Learn more about our User Device Pen Test.