Ipswitch WhatsUp Professional NmConsole/Login.asp Error Message Account Enumeration

2006-05-11T09:02:38
ID OSVDB:25476
Type osvdb
Reporter OSVDB
Modified 2006-05-11T09:02:38

Description

Vulnerability Description

WhatsUp Professional contains a flaw that may lead to an unauthorized information disclosure. The issue is present in the 'NmConsole/Login.asp' login page. The application gives different responses to login attempts with wrong usernames and/or passwords, giving an attacker the opportunity to enumerate valid user accounts. This may result in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
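With no fix listed, monitoring the login page is the practical control. The following is an added example, not part of the OSVDB entry or any Ipswitch code: it flags clients that send bursts of POSTs to 'NmConsole/Login.asp'. The log layout (date, time, client IP, method, URI, status), the sample lines and the thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/nmconsole/login.asp"  # page named in the advisory, matched case-insensitively

# Constructed sample log; the field order is an assumption about the deployment.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2006-05-11 09:00:01 192.0.2.10 POST /NmConsole/Login.asp 200
2006-05-11 09:00:04 192.0.2.10 POST /NmConsole/Login.asp 200
2006-05-11 09:00:09 198.51.100.7 POST /NmConsole/Login.asp 200
2006-05-11 09:00:12 192.0.2.10 POST /NmConsole/Login.asp 200
2006-05-11 09:00:15 192.0.2.10 GET /NmConsole/Login.asp 200
2006-05-11 09:00:20 192.0.2.10 POST /NmConsole/Login.asp 200
2006-05-11 09:00:26 192.0.2.10 POST /NmConsole/Login.asp 200
2006-05-11 09:00:31 192.0.2.10 POST /NmConsole/Login.asp 200
2006-05-11 09:04:40 198.51.100.7 POST /NmConsole/Login.asp 302
"""

def parse(line):
    """Return (timestamp, client_ip, method, path), or None for headers and short lines."""
    parts = line.split()
    if len(parts) < 6 or parts[0].startswith("#"):
        return None
    ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    return ts, parts[2], parts[3].upper(), parts[4].lower()

def find_enumeration_sources(lines, threshold=5, window_seconds=60):
    """Map client IP -> peak count of login POSTs inside one sliding window.

    Only clients that reach `threshold` are returned. Lines must be in time order.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-client timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, ip, method, path = rec
        if method != "POST" or path != LOGIN_PATH:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks
```

A burst of login POSTs does not by itself distinguish account enumeration from password guessing; flagged sources need review against the usernames submitted, where the application records them.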


References:

Vendor URL: http://www.ipswitch.com/products/whatsup/professional/premium_vs_standard.asp
Secunia Advisory ID: 20075
Related OSVDB ID: 25474
Related OSVDB ID: 25477
Related OSVDB ID: 25470
Related OSVDB ID: 25473
Related OSVDB ID: 25469
Related OSVDB ID: 25471
Related OSVDB ID: 25472
Related OSVDB ID: 25475
CVE-2006-2354