Description
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
Affected products
- SonicWall / SonicWall SMA10010.2.0.8-37sv and earlier – 10.2.0.8-37sv and earlier
- SonicWall / SonicWall SMA10010.2.1.2-24sv and earlier – 10.2.1.2-24sv and earlier