H3C SSL VPN Username Enumeration Vulnerability

A user enumeration vulnerability has been identified in H3C SSL VPN. This vulnerability allows attackers to determine valid usernames by sending different username inputs through the 'txtUsrName' POST parameter to the login_submit.cgi endpoint. The application’s response messages can then be analyzed to differentiate between existing and non-existing accounts.

Impact

Exploitation of this vulnerability leads to the exposure of valid usernames, which could be used in conjunction with other vulnerabilities or attacks.

Reproduction

To reproduce this vulnerability, send a POST request to the login_submit.cgi endpoint with the 'txtUsrName' parameter. Include different usernames in the 'txtUsrName' parameter along with the required fields such as 'txtPassword', 'selIdentity', 'selDomain', 'authmethod', and 'txtMacAddr'. Analyze the response to determine if the username exists. A response indicating that the username does not exist confirms a valid enumeration.