Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 13 Jul 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and session-forgery attacks. | |
| Title | Rejetto HFS < 3.2.1 Username Enumeration via Login Response Differences | |
| Weaknesses | CWE-204 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-13T17:23:20.688Z
Reserved: 2026-07-10T15:43:36.626Z
Link: CVE-2026-61503
No data.
No data.
No data.
OpenCVE Enrichment
No data.