CVE-2008-1166 Information

Description

Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid which allows remote attackers to enumerate usernames.

Reference

http://secunia.com/advisories/29215 http://www.securityfocus.com/archive/1/489020/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/40964