CVE-2001-1528

AmTote International - Info Disclosure

Title source: llm

Description

AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gary O'Leary-Steele · perlremotemultiple

https://www.exploit-db.com/exploits/21116

View Code ZIP pw:eip

References (3)

[Broken Link] http://www.iss.net/security_center/static/7185.php

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/3371

[Broken Link, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.html

Scores

EPSS 0.0786

EPSS Percentile 92.0%

Details

CWE

CWE-203

Status published

Products (1)

amtote/homebet

Published Dec 31, 2001

Tracked Since Feb 18, 2026