Citrix ShareFile through 19.1 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
Published Date: Monday 13th of May 2019 03:29:01 PM
Modified Date: Tuesday 14th of May 2019 01:10:17 PM
Network Access Vector:
The attacker does not require local network access or local access.
Authentication is not required to access and exploit the vulnerability.
The attack can be performed manually and requires little skill or additional information gathering.
There is no impact to the availability of the system.
There is no impact to the integrity of the system.
There is considerable information disclosure.