Lucene search

PRIOn knowledge basePRION:CVE-2009-1384

HistoryMay 28, 2009 - 8:30 p.m.

Default credentials

2009-05-2820:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

CPENameOperatorVersion
pam-krb5eq2.2.14
pam-krb5eq2.3
pam-krb5eq2.3.4

Name	Operator	Version
pam-krb5	eq	2.2.14
pam-krb5	eq	2.3
pam-krb5	eq	2.3.4

References

osvdb.org/54791

secunia.com/advisories/35230

secunia.com/advisories/43314

www.mandriva.com/security/advisories?name=MDVSA-2010:054

www.openwall.com/lists/oss-security/2009/05/27/1

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/35112

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2009/1448

bugzilla.redhat.com/show_bug.cgi?id=502602

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652