cvedb.io
CVE-2017-8055
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2017-04-22T22:59:00.217 · Last modified 2026-06-17T01:25:42.193

Summary

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this vulnerability to enumerate valid usernames on an affected Firebox.

Affected products

watchguard — fireware

Does this affect you?

Add your gear to cvedb and we'll alert you only when watchguard ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.