CVE-2009-1293

Novell Teaming 1.0-SP3 - Username Enumeration via Login Error Messages

Title source: llm

Description

The web login functionality (c/portal/login) in Novell Teaming 1.0 through SP3 (1.0.3) generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.

References (7)

Core 7

Core References

Exploit x_refsource_misc

https://www.sec-consult.com/files/20090415-0-novell-teaming.txt

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1048

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34714

Patch, Vendor Advisory x_refsource_confirm

http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002997&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/502704/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022063

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34531

Scores

EPSS 0.0051

EPSS Percentile 66.7%

Details

CWE

CWE-200

Status published

Products (4)

novell/teaming 1.0 (4 CPE variants)

novell/teaming 1.0.1

novell/teaming 1.0.2

novell/teaming 1.0.3

Published Apr 16, 2009

Tracked Since Feb 18, 2026