Username Enumeration Vulnerability in IBM Tivoli Provisioning Manager Express
CVE-2007-6408

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Provisioning Manager Express
Vendor: CVE Published:; 17 December 2007

Summary

IBM Tivoli Provisioning Manager Express is susceptible to an information disclosure vulnerability that exposes sensitive details through error messages. This flaw occurs during the account creation process when a username duplication is attempted or when a valid username is used during login attempts. The improper handling of these error messages can enable remote attackers to effectively enumerate valid usernames on the platform, increasing the risk of unauthorized access or further exploitation.

References

http://www.securityfocus.com/archive/1/484607/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/38866

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/3458

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Dec 17, 2007
Vulnerability Reserved
Dec 17, 2007