CVE-2009-1293

Sažetak

The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.

Reference

http://secunia.com/advisories/34714
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737
http://www.securityfocus.com/archive/1/502704/100/0/threaded
http://www.securityfocus.com/bid/34531
http://www.securitytracker.com/id?1022063
http://www.vupen.com/english/advisories/2009/1048
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-10-2018 - 19:35

Objavljeno

16-04-2009 - 15:12