poker-multiple-useremu.txt

2008-09-12T00:00:00
ID PACKETSTORM:69918
Type packetstorm
Reporter Jeremy Brown
Modified 2008-09-12T00:00:00

Description

                                        
                                            `=======================================================================  
  
Products: Absolute Poker, PokerStars  
  
URLs: http://www.absolutepoker.com  
http://www.pokerstars.com  
  
  
Vulnerability: Remote Username Enumeration  
  
Affected: All Vendors Listed  
  
=======================================================================  
  
  
Details:  
  
Multiple Online Poker Softwares have a user enumeration vulnerability  
in their authentication systems. Attackers could take advantage of this  
flaw to brute force accounts for these online poker vendors. Here is  
the login data for those affected:  
  
[Absolute Poker]  
  
RIGHT username, WRONG password:  
  
"Incorrect password has been entered. Please make sure the password is correct."  
  
WRONG username, WRONG password:  
  
"Login ID is not recognized. Please make sure the ID is correct."  
  
..........  
  
[PokerStars]  
  
RIGHT username, WRONG password:  
  
"The password you entered is incorrect. Please try again"  
  
WRONG username, WRONG password:  
  
"The UserID (nickname) you entered is incorrect. Please try again"  
  
========================================================================  
  
Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]`