CVE-2013-1422
CVE-2013-1422 affects webCalendar (WebCalendar) prior to version 1.2.7. The flaw is that failed-login responses leak the reason (e.g., “no such user”), enabling user enumeration by an attacker via authentication attempts. The vulnerability is tied to the login error messaging rather than a fully ...