Lucene search
K

168 matches found

NVD
NVD
added 2004/02/03 5:0 a.m.15 views

CVE-2004-0042

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames...

5CVSS6.7AI score0.01226EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2004/01/14 5:0 a.m.29 views

CVE-2004-0042

vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames...

5CVSS4.6AI score0.01226EPSS
Exploits0
Cvelist
Cvelist
added 2003/07/29 4:0 a.m.22 views

CVE-2003-0512

Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge...

6.8AI score0.03202EPSS
Exploits0References5
NVD
NVD
added 2003/06/30 4:0 a.m.18 views

CVE-2003-0402

The default login template /vgn/login in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks...

5CVSS6.7AI score0.01539EPSS
Exploits0References4
OSV
OSV
added 2003/05/12 4:0 a.m.12 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

6.3AI score
Exploits0References13
OSV
OSV
added 2003/05/12 4:0 a.m.3 views

DEBIAN-CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5CVSS9.2AI score0.76751EPSS
Exploits10References1
Debian CVE
Debian CVE
added 2003/05/02 12:0 a.m.44 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5CVSS6.6AI score0.76751EPSS
Exploits10
Cvelist
Cvelist
added 2003/05/02 12:0 a.m.28 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

9.2AI score0.76751EPSS
Exploits10References10
exploitpack
exploitpack
added 2003/04/16 12:0 a.m.15 views

Cerberus FTP Server 2.1 - Information Disclosure

Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/04/16 12:0 a.m.23 views

Cerberus FTP Server 2.1 - Information Disclosure

source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness in error handling to disclose val...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/03/11 12:0 a.m.18 views

Qpopper 34 - Username Information Disclosure

Qpopper 34 - Username Information Disclosure source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/03/11 12:0 a.m.28 views

Qpopper 3/4 - 'Username' Information Disclosure

source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the clien...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.10 views

CVE-2002-2410

openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...

5CVSS6.3AI score0.01309EPSS
Exploits1References3
Cvelist
Cvelist
added 2002/05/03 4:0 a.m.17 views

CVE-2002-0212

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack...

6.7AI score0.01588EPSS
Exploits0References4
Cvelist
Cvelist
added 2002/05/03 4:0 a.m.20 views

CVE-2001-1338

Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system...

6.7AI score0.01979EPSS
Exploits0References5
securityvulns
securityvulns
added 2001/10/24 12:0 a.m.44 views

Check Point VPN-1 SecuRemote Flaw

Summary: SecuRemote will show whether a username is recognized during failed login attempts Versions Tested: 4.1 SP4 4185 VPN+Strong for Windows 2000 4.1 SP4 4185 VPN+Strong for Windows NT Description: During an authentication attempt in the VPN-1 SecuRemote Authentication dialog box, a failed...

1.4AI score
Exploits0
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.18 views

CVE-1999-1266

rsh daemon rshd generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system...

6.7AI score0.0132EPSS
Exploits0References2
NVD
NVD
added 2001/09/12 4:0 a.m.22 views

CVE-2001-1013

Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no publichtml directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...

5CVSS6.4AI score0.65563EPSS
Exploits3References6
NVD
NVD
added 2001/08/31 4:0 a.m.13 views

CVE-2001-1068

qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system...

5CVSS6.8AI score0.01106EPSS
Exploits1References3
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.23 views

CVE-2000-0938

Samba Web Administration Tool SWAT in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server...

6.6AI score0.02326EPSS
Exploits1References2
Rows per page
Query Builder