Username Enumeration Vulnerability in SAP HANA Extended Application Services
CVE-2018-2379
6.5MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 February 2018
What is CVE-2018-2379?
In SAP HANA Extended Application Services, version 1.0, an unauthenticated user can exploit a vulnerability that allows them to determine whether a specific username exists by analyzing the error messages returned from the application. This could enable potential attackers to build a list of valid usernames, increasing the risk of further attacks such as credential stuffing or targeted phishing.
Affected Version(s)
SAP HANA Extended Application Services 1.0