CVE-2009-2435

2009-07-1314:00:00

mitre

www.cve.org

ibm

lotus

sametime

server

vulnerability

remote attackers

enumeration

usernames

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

68.7%

JSON

The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

References

www.securityfocus.com/bid/35614

www.senseofsecurity.com.au/advisories/SOS-09-004.pdf