User Enumeration Vulnerability in BMC Remedy Action Request System
CVE-2007-0310

Currently unrated

Key Information:

Vendor: Bmc
Status: Remedy Action Request System
Vendor: CVE Published:; 18 January 2007

What is CVE-2007-0310?

A vulnerability in BMC Remedy Action Request System version 5.01.02 Patch 1267 allows remote attackers to determine valid account names by generating different error messages for failed login attempts. When an attacker inputs a valid username, the error message differs from the one provided for an invalid username, enabling the possibility of account enumeration. This discrepancy can lead to unauthorized access attempts and further exploits if the information is leveraged.

References

http://securityreason.com/securityalert/2162

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/457078/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.alighieri.org/advisories/advisory-remedy50102.txt

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2007
Vulnerability Reserved
Jan 17, 2007

JSON

Bmc

What is CVE-2007-0310?

References

Timeline