Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> WebCalendar User Account Enumeration Disclosure Issue


Vulnerability Assessment Details

WebCalendar User Account Enumeration Disclosure Issue

Vulnerability Assessment Summary
Checks for WebCalendar User Account Enumeration Disclosure weakness

Detailed Explanation for this Vulnerability Assessment

Summary:

The remote web server is affected by an information disclosure issue.

Description:

The version of WebCalendar on the remote host is prone to a user
account enumeration weakness in that in response to login attempts it
returns different error messages depending on whether the user exists
or the password is invalid.

See also:

http://www.securityfocus.com/archive/1/433053/30/0/threaded
http://www.securityfocus.com/archive/1/436263/30/0/threaded
http://www.nessus.org/u?2fe61fc9

Solution :

Upgrade to WebCalendar 1.0.4 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID: 17853

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 David Maciejak

Cables, Connectors

Huawei 03030NNW TN13OAU106
$35000.0
Huawei 03030NNW TN13OAU106 pictureCisco Linksys SR224 24-Port 10/100 Network Switch
$9.95
Cisco Linksys SR224 24-Port 10/100 Network Switch  pictureCisco FAN-WAVE-60MM 74-9537-01 A0 Fan Module, pulled from unused hardware
$18.0
Cisco FAN-WAVE-60MM 74-9537-01 A0 Fan Module, pulled from unused hardware pictureHuawei 03030MVS TN13OAU101
$35000.0
Huawei 03030MVS TN13OAU101 picture


Discussions

No Discussions have been posted on this vulnerability.