/alerttags/cwe-204/ Recent content in CWE-204 on ZAP Hugo en-us /docs/alerts/40023/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40023/ <p>It may be possible to enumerate usernames, based on differing HTTP responses when valid and invalid usernames are provided. This would greatly increase the probability of success of password brute-forcing attacks against the system. Note that false positives may sometimes be minimised by increasing the &lsquo;Attack Strength&rsquo; Option in ZAP. Please manually check the &lsquo;Other Info&rsquo; field to confirm if this is actually an issue.</p> /docs/alerts/40025-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40025-1/ <p>1 proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine</p> <ul> <li>A list of targets for an attack against the application.</li> <li>Potential vulnerabilities on the proxy servers that service the application.</li> <li>The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented, or mitigated.</li> </ul> /docs/alerts/40025-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40025-2/ <p>1 proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine</p> <ul> <li>A list of targets for an attack against the application.</li> <li>Potential vulnerabilities on the proxy servers that service the application.</li> <li>The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented, or mitigated.</li> </ul>