[原文]NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Ipswitch WhatsUp Professional NmConsole/Login.asp Error Message Account Enumeration
Remote / Network Access
Loss of Confidentiality
WhatsUp Professional contains a flaw that may lead to an unauthorized information disclosure. The issue is present in the 'NmConsole/Login.asp' login page. The application gives different responses to login attempts with wrong usernames and/or passwords, giving an attacker the opportunity to enumerate valid user accounts. This may result in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.