CVE-2025-3716
Received
Received - Intake
User Enumeration via Response Timing in ESET Protect On-Prem
Publication date: 2026-03-30
Last updated on: 2026-03-30
Assigner: ESET
Description
Description
User enumeration in ESET Protect (on-prem) via Response Timing.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eset | protect | 13.0.12 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-204 | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a user enumeration issue in ESET Protect (on-premises version) that occurs through response timing. It allows an attacker to determine valid usernames by analyzing the time it takes for the system to respond to certain requests.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can identify valid user accounts within the ESET Protect system without needing authentication. This can facilitate further attacks such as targeted phishing, brute force attacks, or other unauthorized access attempts.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70