5
CVE-2009-1293
- EPSS 1.82%
- Veröffentlicht 16.04.2009 15:12:57
- Zuletzt bearbeitet 16.06.2026 23:06:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.82% | 0.759 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://secunia.com/advisories/34714
http://www.securitytracker.com/id?1022063
http://www.vupen.com/english/advisories/2009/1048
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737
http://www.securityfocus.com/archive/1/502704/100/0/threaded
http://www.securityfocus.com/bid/34531
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt