Username Enumeration Vulnerability in Novell Teaming by Novell
CVE-2009-1293

Currently unrated

Key Information:

Vendor: Novell
Status: Teaming
Vendor: CVE Published:; 16 April 2009

Summary

The web login functionality in Novell Teaming versions 1.0 through SP3 (1.0.3) exposes a security weakness by revealing different error messages for valid and invalid usernames. This discrepancy allows attackers to effectively enumerate user accounts, thereby facilitating unauthorized access attempts. It is crucial for organizations using Novell Teaming to address this vulnerability by updating to the latest version to secure their systems against potential exploitation.

References

https://www.sec-consult.com/files/20090415-0-novell-teami...

x_refsource_MISC

http://www.vupen.com/english/advisories/2009/1048

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/34714

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 16, 2009
Vulnerability Reserved
Apr 14, 2009