ESET Protect User Enumeration Vulnerability via Response Timing

Vulnerability

A user enumeration vulnerability has been identified in ESET Protect (on-prem) that exploits response timing differences. This vulnerability allows an attacker to determine valid usernames by analyzing the time it takes for the server to respond during the authentication process.

Impact

Exploitation of this vulnerability could lead to user enumeration, allowing attackers to identify valid usernames which could be used in further attacks, such as password guessing or phishing.

Added: Mar 30, 2026, 8:21 AM

Updated: Mar 30, 2026, 8:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

4.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

4.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ESET Protect User Enumeration Vulnerability via Response Timing

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating