Legal Robot: User enumeration from failed login error message

A security researcher reported an issue around user enumeration through examination of the failed registration error message. Since this change was reported, Legal Robot has switched to a method wherein any registration attempts for accounts that already exist will be redirected to the same...

Spacewalk: RHN user password disclosure upon failed system registration

Spacewalk-backend in Red Hat Network RHN Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading 1 the server log and 2 an email...