CVE-2009-1293

EUVD-2009-1291
The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
novellteaming
1.0
novellteaming
1.0:sp1
novellteaming
1.0:sp2
novellteaming
1.0:sp3
novellteaming
1.0.1
novellteaming
1.0.2
novellteaming
1.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/34714
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737
http://www.securityfocus.com/archive/1/502704/100/0/threaded
http://www.securityfocus.com/bid/34531
http://www.securitytracker.com/id?1022063
http://www.vupen.com/english/advisories/2009/1048
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt
http://secunia.com/advisories/34714
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737
http://www.securityfocus.com/archive/1/502704/100/0/threaded
http://www.securityfocus.com/bid/34531
http://www.securitytracker.com/id?1022063
http://www.vupen.com/english/advisories/2009/1048
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt