Citrix ShareFile through 19.1 allows user enumeration. Application usernames can be enumerated from the differing server responses to the request that checks the OTP code. No authentication is required.

  • Published Date: Monday 13th of May 2019 03:29:01 PM
  • Modified Date: Tuesday 14th of May 2019 01:10:17 PM
    • Network Access Vector: The attacker does not require local network access or local access.
    • Authentication Vector: Authentication is not required to access and exploit the vulnerability.
    • Complexity Vector: The attack can be performed manually and requires little skill or additional information gathering.
    • Availability Impact: There is no impact to the availability of the system.
    • Integrity Impact: There is no impact to the integrity of the system.
    • Confidentiality Impact: There is considerable information disclosure.
    • CVSS Score: 5.0
    • Common Platform Enumeration (CPE) Dictionary
      • cpe:2.3:a:citrix:sharefile:19.1