CVE-2009-1769

OCS Inventory NG - Username Enumeration via Error Message Discrepancy

Title source: llm
STIX 2.1

Description

The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.

References (8)

Core 8
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35157
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35313
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35023
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html
Vendor Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html

Scores

EPSS 0.0156
EPSS Percentile 72.3%

Details

CWE
CWE-200
Status published
Products (1)
ocsinventory-ng/ocs_inventory_ng 1.01
Published May 22, 2009
Tracked Since Feb 18, 2026