Description
Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.
References (1)
Core 1
Core References
Broken Link, Patch x_refsource_confirm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm
Scores
EPSS
0.0095
EPSS Percentile
76.6%
Details
CWE
CWE-203
Status
published
Products (1)
novell/ichain
2.2
Published
Aug 27, 2003
Tracked Since
Feb 18, 2026