Description
User enumeration in ESET Protect (on-prem) via Response Timing.
Published: 2026-03-30
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: User Enumeration
Action: Patch
AI Analysis

Impact

The vulnerability in ESET Protect (on‑prem) allows an attacker to enumerate valid usernames by measuring the response time to authentication attempts. This information disclosure can enable targeted password guessing or credential stuffing attacks, compromising the confidentiality of user accounts. The weakness is classified under CWE‑204.

Affected Systems

The flaw affects ESET Protect (on‑prem) deployments. No specific product versions are listed, implying the issue may be present across multiple or all on‑prem releases available at the time of disclosure.

Risk and Exploitability

The CVSS score is 5.3, indicating medium severity. Exploit probability data is not available, and the vulnerability is not listed in CISA’s KEV catalog. The attack requires network access to the ESET Protect management interface, and the response‑timing technique suggests that an attacker can exploit the vulnerability remotely without additional privileges.

Generated by OpenCVE AI on March 30, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the ESET website or support portal for an update that addresses the enumeration issue and apply it as soon as possible.
  • If a patch is not yet available, restrict external network access to the ESET Protect management console by allowing only trusted IP ranges or using firewall rules.
  • Continuously monitor ESET advisories and security bulletins for any forthcoming patches or temporary workarounds.



Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Eset; Eset eset Protect
Vendors & Products | | Eset; Eset eset Protect

Mon, 30 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 08:15:00 +0000

Type | Values Removed | Values Added
Description | | User enumeration in ESET Protect (on-prem) via Response Timing.
Title | | User enumeration in ESET Protect (on-prem)
Weaknesses | | CWE-204
References | |
Metrics | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: ESET

Published:

Updated: 2026-03-30T15:19:53.699Z

Reserved: 2025-04-16T08:51:43.823Z

Link: CVE-2025-3716

Vulnrichment

Updated: 2026-03-30T15:19:40.537Z

NVD

Status: Awaiting Analysis

Published: 2026-03-30T08:16:16.380

Modified: 2026-03-30T13:26:07.647

Link: CVE-2025-3716

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:41:11Z

Weaknesses