CVE-2014-3105 Information

Description

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15 8.0.0 before 8.0.0.12 and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists which allows remote attackers to enumerate account names via a series of requests.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21682949 https://exchange.xforce.ibmcloud.com/vulnerabilities/94312