Error Message Exposure in Adobe Document Server for Reader Extensions
CVE-2006-1788

Currently unrated

Key Information:

Vendor: Adobe
Status: Document Server
Vendor: CVE Published:; 13 April 2006

Summary

Adobe Document Server for Reader Extensions 6.0 is vulnerable to a flaw that makes it possible for remote attackers to perform user ID enumeration through error message discrepancies. When users attempt to log on, the application reveals different error responses based on the validity of the user ID entered. This inconsistency allows attackers to ascertain which user IDs are valid, significantly increasing the risk of successful brute force attempts. An attacker can leverage this vulnerability to gather valid user information and launch further attacks against the system, leading to potential unauthorized access.

References

http://www.securityfocus.com/archive/1/430869/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/25772

vdb-entryx_refsource_XF

http://www.adobe.com/support/techdocs/331917.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 13, 2006
Vulnerability Reserved
Apr 13, 2006