Abstract Advisory Information
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username will ask for
the password when an invalid one will produce a “unknown username” error message.
Authors: Excellium Services
Common Vulnerability Scoring System
A fix is available in DualShield 6.0. The administrator must check the new checkbox
“Prevent login name guessing” in the authentication panel.
Vulnerability Disclosure Timeline
- 2020/11/10: Vulnerability found in DualShield
- 2020/11/11: Vulnerability reported to CERT-XLM
- 2020/11/11: Vulnerability reported to Deepnet Security
- 2020/11/16: Vulnerability fixed in DualShield version 6.0
- 2020/11/17: CVE ID requested to MITRE
- 2020/11/18: CVE ID Assigned by MITRE
- 2021/02/09: Expected public vulnerability disclosure