CVE-2016-9499

Summary

Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.

Affected Software

VendorProductVersion RangeStatus
AccellionFTP ServerFTA_9_12_220 < FTA_9_12_220affected

Weaknesses

  • CWE-204: CWE-204

ADP Enrichment

CVE Program Container

Additional References

References