Username Disclosure (Microsoft SQL Server)

Severity: Low

Summary#

Invicti identified a username disclosure (Microsoft SQL Server) in the error message.

Impact#

An attacker can perform brute-force or dictionary-based password guessing on the disclosed username. It may also help the attacker identify other vulnerabilities or further their exploitation of other identified vulnerabilities.

Remediation#

Error messages should be disabled.
Remove this kind of sensitive data from the output.

Classifications#

WASC-13, OWASP 2017-A3, OWASP 2013-A5, PCI v3.2-6.5.5, CAPEC-118, CWE-201, HIPAA-164.306(a), ISO27001-A.18.1.4

Invicti Security Insights

Fragmented SQL Injection Attacks – The Solution
What is SQL Injection?

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

Username Disclosure (Microsoft SQL Server)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.