Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses >> WebCalendar User Account Enumeration Disclosure Issue

Vulnerability Assessment Details

WebCalendar User Account Enumeration Disclosure Issue

Vulnerability Assessment Summary
Checks for WebCalendar User Account Enumeration Disclosure weakness

Detailed Explanation for this Vulnerability Assessment

Summary:

The remote web server is affected by an information disclosure issue.

Description:

The version of WebCalendar on the remote host is prone to a user
account enumeration weakness in that in response to login attempts it
returns different error messages depending on whether the user exists
or the password is invalid.

See also:

http://www.securityfocus.com/archive/1/433053/30/0/threaded
http://www.securityfocus.com/archive/1/436263/30/0/threaded
http://www.nessus.org/u?2fe61fc9

Solution :

Upgrade to WebCalendar 1.0.4 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID: 17853

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 David Maciejak

Cables, Connectors