Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0402

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0402
Last Modified 05 Sep 2008 04:34:13
Published 30 Jun 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0402

Summary

The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks.

Vulnerable Systems

Application

  • Vignette 5.0

  • Vignette Content Suite 5.0

  • Vignette Content Suite 6.0

  • Vignette Content Suite 7.0

  • Vignette Storyserver 4.0

  • Vignette Storyserver 4.1

  • Vignette Storyserver 5.0


References

MISC - http://www.s21sec.com/en/avisos/s21sec-020-en.txt

BID - 7691

XF - vignette-login-account-bruteforce(12073)

BUGTRAQ - 20030526 S21SEC-020 - Vignette user enumeration


Last Updated: 27 May 2016 10:37:54