1741 matches found
CVE-2002-0212
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack...
CVE-2001-1338
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system...
OpenSSH 2.x/3.x - Kerberos 4 TGT/AFS Token Buffer Overflow
source: https://www.securityfocus.com/bid/4560/info A buffer overflow condition exists in the OpenSSH server. The condition is exploitable by attackers with valid user credentials in versions 2.9.9 and higher. Exploitation does not require valid user credentials in versions prior to 2.9.9. The...
Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure
source: https://www.securityfocus.com/bid/4235/info Microsoft IIS supports Basic and NTLM authentication. Reportedly, the authentication methods supported by a given IIS server can be revealed to an attacker through the inspection of returned error messages, even when anonymous access is also...
Check Point VPN-1 SecuRemote Flaw
Summary: SecuRemote will show whether a username is recognized during failed login attempts Versions Tested: 4.1 SP4 4185 VPN+Strong for Windows 2000 4.1 SP4 4185 VPN+Strong for Windows NT Description: During an authentication attempt in the VPN-1 SecuRemote Authentication dialog box, a failed...
CVE-2001-1280
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system...
CVE-1999-1266
rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system...
CVE-2001-1013
Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...
CVE-2001-1068
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system...
Netscape Messaging Server POP3 Error Message User Account Enumeration
The remote POP server allows an attacker to obtain a list of valid logins on the remote host through a brute-force attack. If the user connects to this port and issues the commands: USER 'someusername' PASS 'whatever' the user will then get a different response whether the account...
CVE-2001-0421
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD command, which could release sensitive information such as shadowed...
Solaris 2.6/7.0 - IN.FTPD CWD Username Enumeration
source: https://www.securityfocus.com/bid/2564/info Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is a versatile operating system designed for use with machines as small as desktop systems and as larg...
CVE-2000-0938
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server...
CVE-2000-1002
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks...
CVE-2000-1030
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server...
CVE-2000-1037
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack...
CVE-2000-1032
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall...