Timing-based User Enumeration Vulnerability in Cisco FireSIGHT System Software 6.1.0

Timing-based User Enumeration Vulnerability in Cisco FireSIGHT System Software 6.1.0

CVE-2016-1356 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615.

Learn more about our User Device Pen Test.