CVE-2004-1697

The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ca:unicenter_management:portal_2.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:unicenter_management:portal_3.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:51

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=109579952809320&w=2 - () http://marc.info/?l=bugtraq&m=109579952809320&w=2 -
References () http://secunia.com/advisories/12620 - Patch, Vendor Advisory () http://secunia.com/advisories/12620 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/11229 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/11229 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/17464 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/17464 -

Information

Published : 2004-09-21 04:00

Updated : 2024-11-20 23:51


NVD link : CVE-2004-1697

Mitre link : CVE-2004-1697

CVE.ORG link : CVE-2004-1697


JSON object : View

Products Affected

ca

  • unicenter_management