The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=109579952809320&w=2 | |
http://secunia.com/advisories/12620 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/11229 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17464 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2004-09-21 04:00
Updated : 2024-02-28 10:24
NVD link : CVE-2004-1697
Mitre link : CVE-2004-1697
CVE.ORG link : CVE-2004-1697
JSON object : View
Products Affected
ca
- unicenter_management
CWE