Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> WebCalendar User Account Enumeration Disclosure Issue


Vulnerability Assessment Details

WebCalendar User Account Enumeration Disclosure Issue

Vulnerability Assessment Summary
Checks for WebCalendar User Account Enumeration Disclosure weakness

Detailed Explanation for this Vulnerability Assessment

Summary:

The remote web server is affected by an information disclosure issue.

Description:

The version of WebCalendar on the remote host is prone to a user
account enumeration weakness in that in response to login attempts it
returns different error messages depending on whether the user exists
or the password is invalid.

See also:

http://www.securityfocus.com/archive/1/433053/30/0/threaded
http://www.securityfocus.com/archive/1/436263/30/0/threaded
http://www.nessus.org/u?2fe61fc9

Solution :

Upgrade to WebCalendar 1.0.4 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID: 17853

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 David Maciejak

Cables, Connectors

Vintage Cromemco, TU-ART, S-100 Board / Card
$79.99
Vintage Cromemco, TU-ART, S-100 Board / Card   pictureVintage, MITS 88-C700C, S-100 Board / Card
$49.95
Vintage, MITS 88-C700C, S-100 Board / Card pictureLOT 7 of Early 1979-80 Vintage Mainframe Drive Spindle Cases with Discs
$200.0
LOT 7 of Early 1979-80 Vintage Mainframe Drive Spindle Cases with Discs pictureVINTAGE IBM Mainframe Books QMF Reference Manual DB2 Query Mgt Facility LOT of 3
$30.95
VINTAGE IBM Mainframe Books QMF Reference Manual DB2 Query Mgt Facility LOT of 3 picture


Discussions

No Discussions have been posted on this vulnerability.