The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=109579952809320&w=2 | |
http://secunia.com/advisories/12620 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/11229 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17464 | |
http://marc.info/?l=bugtraq&m=109579952809320&w=2 | |
http://secunia.com/advisories/12620 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/11229 | Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17464 |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=109579952809320&w=2 - | |
References | () http://secunia.com/advisories/12620 - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/11229 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/17464 - |
Information
Published : 2004-09-21 04:00
Updated : 2024-11-20 23:51
NVD link : CVE-2004-1697
Mitre link : CVE-2004-1697
CVE.ORG link : CVE-2004-1697
JSON object : View
Products Affected
ca
- unicenter_management
CWE