2 matches found
CVE-2009-1803
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1803
CVE-2009-1803 affects FreePBX 2.5.1 and other 2.4.x, 2.5.x, and pre-release 2.6.x; the vulnerability stems from different error messages shown on failed login attempts, which reveals whether a user account exists. This behavioral difference enables remote attackers to enumerate valid usernames. T...