Computer Security
[EN] securityvulns.ru no-pyccku


BMC Remedy Action Request System user enumeration vulnerability
Published:15.01.2007
Source:
SecurityVulns ID:7056
Type:remote
Threat Level:
5/10
Description:Messages for invalid password and invalid user name are different.
Affected:BMC : Remedy Action Request System 5.01
CVE:CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.)
Original documentdocumentDavide Del Vecchio, Remedy Action Request System 5.01.02 - User Enumeration (15.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod