CVE-2009-1769 Information

Description

The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344
http://secunia.com/advisories/35157
http://secunia.com/advisories/35313
http://www.ocsinventory-ng.org/index.php?mact=Newscntnt01detail0&cntnt01articleid=133&cntnt01returnid=69
http://www.securityfocus.com/bid/35023
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html
