pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/54791 - | |
References | () http://secunia.com/advisories/35230 - | |
References | () http://secunia.com/advisories/43314 - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2010:054 - | |
References | () http://www.openwall.com/lists/oss-security/2009/05/27/1 - | |
References | () http://www.securityfocus.com/archive/1/516397/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/35112 - | |
References | () http://www.vmware.com/security/advisories/VMSA-2011-0003.html - | |
References | () http://www.vupen.com/english/advisories/2009/1448 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=502602 - Vendor Advisory | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652 - |
Information
Published : 2009-05-28 20:30
Updated : 2024-11-21 01:02
NVD link : CVE-2009-1384
Mitre link : CVE-2009-1384
CVE.ORG link : CVE-2009-1384
JSON object : View
Products Affected
redhat
- enterprise_linux
eyrie
- pam-krb5
CWE
CWE-287
Improper Authentication