|
Family: CGI abuses --> Category: infos
WebCalendar User Account Enumeration Disclosure Issue Vulnerability Scan
Vulnerability Scan Summary Checks for WebCalendar User Account Enumeration Disclosure weakness
Detailed Explanation for this Vulnerability Test
Synopsis:
The remote web server is affected by an information disclosure issue.
Description:
The version of WebCalendar on the remote host is prone to a user
account enumeration weakness in that in response to login attempts it
returns different error messages depending on whether the user exists
or the password is invalid.
See also:
http://www.securityfocus.com/archive/1/433053/30/0/threaded
http://www.securityfocus.com/archive/1/436263/30/0/threaded
http://www.nessus.org/u?2fe61fc9
Solution :
Upgrade to WebCalendar 1.0.4 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|