MitreCVE-2009-1293CVE-2009-1293
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
91.0%
The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | teaming | 1.0 | cpe:2.3:a:novell:teaming:1.0:*:*:*:*:*:*:* |
| novell | teaming | 1.0 | cpe:2.3:a:novell:teaming:1.0:sp1:*:*:*:*:*:* |
| novell | teaming | 1.0 | cpe:2.3:a:novell:teaming:1.0:sp2:*:*:*:*:*:* |
| novell | teaming | 1.0 | cpe:2.3:a:novell:teaming:1.0:sp3:*:*:*:*:*:* |
| novell | teaming | 1.0.1 | cpe:2.3:a:novell:teaming:1.0.1:*:*:*:*:*:*:* |
| novell | teaming | 1.0.2 | cpe:2.3:a:novell:teaming:1.0.2:*:*:*:*:*:*:* |
| novell | teaming | 1.0.3 | cpe:2.3:a:novell:teaming:1.0.3:*:*:*:*:*:*:* |
References
secunia.com/advisories/34714
www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737
www.securityfocus.com/archive/1/502704/100/0/threaded
www.securityfocus.com/bid/34531
www.securitytracker.com/id?1022063
www.vupen.com/english/advisories/2009/1048
www.sec-consult.com/files/20090415-0-novell-teaming.txt
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
91.0%