Tibbo AggreGate Network Manager Login Discrepancy User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in Tibbo AggreGate Network Manager versions prior to 6.40.05. The issue arises from an observable response discrepancy in the login process, where authentication failure messages vary depending on the existence of the supplied username. This allows an unauthenticated remote attacker to infer valid account identifiers, potentially leading to targeted brute-force or credential-stuffing attacks.

Impact

Exploitation of this vulnerability could allow for user enumeration, increasing the risk of targeted brute-force or credential-stuffing attacks.

Added: Oct 23, 2025, 5:21 PM

Updated: Oct 23, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tibbo AggreGate Network Manager Login Discrepancy User Enumeration Vulnerability

Vulnerability

Impact

Affected Products

Tibbo AggreGate Network Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating