Username Enumeration Vulnerability in Tollgrade LightHouse SMS

Username Enumeration Vulnerability in Tollgrade LightHouse SMS

CVE-2016-5797 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.

Learn more about our User Device Pen Test.