Описание
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-1769
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html
- https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344
- http://secunia.com/advisories/35157
- http://secunia.com/advisories/35313
- http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69
- http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=69
- http://www.securityfocus.com/bid/35023
Связанные уязвимости
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
The web interface in Open Computer and Software Inventory Next Generat ...