168 matches found
CVE-2004-0042
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames...
CVE-2004-0042
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames...
CVE-2003-0512
Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge...
CVE-2003-0402
The default login template /vgn/login in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks...
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
DEBIAN-CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
CVE-2003-0190
OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...
Cerberus FTP Server 2.1 - Information Disclosure
Cerberus FTP Server 2.1 - Information Disclosure source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may...
Cerberus FTP Server 2.1 - Information Disclosure
source: https://www.securityfocus.com/bid/7369/info It has been reported that Cerberus FTP Server is prone to an information disclosure weakness. The problem exists in the way the FTP server handles the authentication procedure. An attacker may exploit a weakness in error handling to disclose val...
Qpopper 34 - Username Information Disclosure
Qpopper 34 - Username Information Disclosure source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...
Qpopper 3/4 - 'Username' Information Disclosure
source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the clien...
CVE-2002-2410
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information...
CVE-2002-0212
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack...
CVE-2001-1338
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system...
Check Point VPN-1 SecuRemote Flaw
Summary: SecuRemote will show whether a username is recognized during failed login attempts Versions Tested: 4.1 SP4 4185 VPN+Strong for Windows 2000 4.1 SP4 4185 VPN+Strong for Windows NT Description: During an authentication attempt in the VPN-1 SecuRemote Authentication dialog box, a failed...
CVE-1999-1266
rsh daemon rshd generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system...
CVE-2001-1013
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no publichtml directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...
CVE-2001-1068
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system...
CVE-2000-0938
Samba Web Administration Tool SWAT in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server...