CVE-2009-1293 Information

Description

The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid which makes it easier for remote attackers to enumerate usernames.

Reference

http://secunia.com/advisories/34714 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=12002033084737 http://www.securityfocus.com/archive/1/502704/100/0/threaded http://www.securityfocus.com/bid/34531 http://www.securitytracker.com/id?1022063 http://www.vupen.com/english/advisories/2009/1048 https://www.sec-consult.com/files/20090415-0-novell-teaming.txt