Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> WebCalendar User Account Enumeration Disclosure Issue


Vulnerability Assessment Details

WebCalendar User Account Enumeration Disclosure Issue

Vulnerability Assessment Summary
Checks for WebCalendar User Account Enumeration Disclosure weakness

Detailed Explanation for this Vulnerability Assessment

Summary:

The remote web server is affected by an information disclosure issue.

Description:

The version of WebCalendar on the remote host is prone to a user
account enumeration weakness in that in response to login attempts it
returns different error messages depending on whether the user exists
or the password is invalid.

See also:

http://www.securityfocus.com/archive/1/433053/30/0/threaded
http://www.securityfocus.com/archive/1/436263/30/0/threaded
http://www.nessus.org/u?2fe61fc9

Solution :

Upgrade to WebCalendar 1.0.4 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID: 17853

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 David Maciejak

Cables, Connectors

Lot of (20) 2GB MIXED DDR3 Laptop Memory
$27.99
Lot of (20) 2GB MIXED DDR3  Laptop Memory pictureApple iMac, 21.5in, 4K display, 3.3 GHz Quad-Core i7, 8GB of memory, 1 TB HD
$500.0
Apple iMac, 21.5in, 4K display, 3.3 GHz Quad-Core i7, 8GB of memory, 1 TB HD pictureAdvanced 2020 Memory Card Reader Adapter High Speed Mini USB 2.0 Micro SD
$0.01
Advanced 2020 Memory Card Reader Adapter High Speed Mini USB 2.0 Micro SD picture


Discussions

No Discussions have been posted on this vulnerability.