Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1293

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-1293
Last Modified 23 Apr 2009 02:00:31
Published 16 Apr 2009 11:12:57
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1293

Summary

The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.

Vulnerable Systems

Application

  • Novell Teaming 1.0

  • Novell Teaming 1.0.1

  • Novell Teaming 1.0.2

  • Novell Teaming 1.0.3


References

CONFIRM - http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737

MISC - https://www.sec-consult.com/files/20090415-0-novell-teaming.txt

VUPEN - ADV-2009-1048

SECTRACK - 1022063

BID - 34531

BUGTRAQ - 20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming

SECUNIA - 34714


Last Updated: 27 May 2016 10:50:31