PRIOn knowledge basePRION:CVE-2009-1384

HistoryMay 28, 2009 - 8:30 p.m.

Default credentials

2009-05-2820:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

CPENameOperatorVersion
pam-krb5eq2.2.14
pam-krb5eq2.3
pam-krb5eq2.3.4

Name	Operator	Version
pam-krb5	eq	2.2.14
pam-krb5	eq	2.3
pam-krb5	eq	2.3.4

References

osvdb.org/54791

secunia.com/advisories/35230

secunia.com/advisories/43314

www.mandriva.com/security/advisories?name=MDVSA-2010:054

www.openwall.com/lists/oss-security/2009/05/27/1

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/35112

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2009/1448

bugzilla.redhat.com/show_bug.cgi?id=502602

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for PRION:CVE-2009-1384