Q-Free MaxTime Username Enumeration Vulnerability
Vulnerability
A vulnerability allowing username enumeration has been identified in Q-Free MaxTime versions through 2.11.0. This issue arises from an observable response discrepancy on the login page, which enables unauthenticated remote attackers to identify valid usernames by sending crafted HTTP requests.
Impact
Exploitation of this vulnerability allows for the enumeration of valid usernames, which could be used to facilitate brute-force or credential-stuffing attacks.
Remediation
While an official solution has not been provided by the vendor, it is recommended to restrict and monitor network access to the management web application on devices running Q-Free MaxTime versions through 2.11.0.
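One way to act on the monitoring recommendation, as an added example that is not part of the advisory or any vendor code: the script reviews login attempts recorded by a reverse proxy placed in front of the management web application, and reports sources outside the management subnet as well as sources that try many distinct usernames within a short window. The log format, the `/login` path, the `10.20.0.0/24` subnet and the thresholds are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed proxy log format: timestamp, source IP, POST path, submitted user, status.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) POST (?P<path>\S+) "
    r"user=(?P<user>\S+) status=(?P<status>\d{3})$"
)
LOGIN_PATH = "/login"  # placeholder path, not taken from the advisory
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management subnet

# Constructed sample log (documentation address ranges), including one malformed line.
SAMPLE_LOG = """\
2024-05-01T09:58:10Z src=10.20.0.15 POST /login user=operator status=401
2024-05-01T09:58:20Z src=10.20.0.15 POST /login user=operator status=200
2024-05-01T10:00:01Z src=203.0.113.7 POST /login user=admin status=401
2024-05-01T10:00:02Z src=203.0.113.7 POST /login user=root status=401
2024-05-01T10:00:03Z src=203.0.113.7 POST /login user=operator status=401
2024-05-01T10:00:04Z src=203.0.113.7 POST /login user=guest status=401
2024-05-01T10:00:05Z src=203.0.113.7 POST /login user=service status=401
2024-05-01T10:07:00Z src=198.51.100.9 POST /login user=admin status=401
garbage line without fields
""".splitlines()

def review(lines, window=timedelta(seconds=60), min_users=5):
    """Return (sources outside MGMT_NETS, {source: max distinct users per window})."""
    outside, events = set(), defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["path"] != LOGIN_PATH:
            continue  # skip malformed lines and non-login requests
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in MGMT_NETS):
            outside.add(str(src))  # access restriction is not being enforced
        events[str(src)].append((ts, m["user"]))
    enumerating = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):  # sliding window over this source's attempts
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({u for _, u in evs[start:end + 1]}))
        if best >= min_users:
            enumerating[src] = best
    return sorted(outside), enumerating
```

Counting distinct usernames rather than failed logins keeps a legitimate operator who mistypes a password several times from being flagged.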
