Family: Debian Local Security Checks --> Category: infos
[DSA1056] DSA-1056-1 webcalendar Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
David Maciejak noticed that webcalendar, a PHP-based multi-user
calendar, returns different error messages on login attempts for an
invalid password and a non-existing user, allowing remote attackers to
gain information about valid usernames.
The old stable distribution (woody) does not contain a webcalendar package.
For the stable distribution (sarge) this problem has been fixed in
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your webcalendar package.
Solution : http://www.debian.org/security/2006/dsa-1056
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.