CVE-2008-1287 Information

Description

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid which allows remote attackers to enumerate usernames.

Reference

http://secunia.com/advisories/29280 http://www.securityfocus.com/bid/28132 http://www.securitytracker.com/id?1019566 http://www.vupen.com/english/advisories/2008/0804/references http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561 https://exchange.xforce.ibmcloud.com/vulnerabilities/41042