Lucene search

RedhatCVELIST:CVE-2009-1384

HistoryMay 28, 2009 - 8:14 p.m.

CVE-2009-1384

2009-05-2820:14:00

redhat

www.cve.org

7.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

References

osvdb.org/54791

secunia.com/advisories/35230

secunia.com/advisories/43314

www.mandriva.com/security/advisories?name=MDVSA-2010:054

www.openwall.com/lists/oss-security/2009/05/27/1

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/35112

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2009/1448

bugzilla.redhat.com/show_bug.cgi?id=502602

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652