CVE-2014-3105

2014-09-23T21:55:00
ID CVE-2014-3105
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:34:00

Description

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.