Vignette login Template Username Enumeration

2003-05-26T09:11:46
ID OSVDB:4912
Type osvdb
Reporter OSVDB
Modified 2003-05-26T09:11:46

Description

Vulnerability Description

Vignette contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a login template returning response during user authentication, which will disclose account name information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. The vendor has posted a response for existing Vignette customers to this issue, see external reference for detail.

Short Description

Vignette contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a login template returning response during user authentication, which will disclose account name information resulting in a loss of confidentiality.

References:

Vendor Specific Solution URL: http://support.vignette.com/VOLSS/KB/View/1,,5557,00.html Other Advisory URL: http://www.attrition.org/security/advisory/misc/s21sec-020.vignette_enum Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=105405880325755&w=2 Keyword: S21SEC-020-en ISS X-Force ID: 12073 CVE-2003-0402 Bugtraq ID: 7691