CVE-2018-1154
First published: Tue Jul 31 2018(Updated: )
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable SecurityCenter | <5.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1154?
CVE-2018-1154 is a vulnerability that allows an unauthenticated attacker to automate the discovery of username aliases via brute force, potentially leading to unauthorized access.
What is the severity of CVE-2018-1154?
CVE-2018-1154 has a severity of 8.8 (high).
What is the affected software for CVE-2018-1154?
The affected software for CVE-2018-1154 is Tenable SecurityCenter versions prior to 5.7.0.
How can an attacker exploit CVE-2018-1154?
An attacker can exploit CVE-2018-1154 by performing brute force attacks to automate the discovery of username aliases.
Is there a fix for CVE-2018-1154?
Yes, upgrading to SecurityCenter version 5.7.0 or later will fix CVE-2018-1154.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/tenable
- canonical/tenable securitycenter