TITLE:
OCS Inventory NG Web Interface User Account Enumeration Weakness

SECUNIA ADVISORY ID:
SA35157

VERIFY ADVISORY:
http://secunia.com/advisories/35157/

DESCRIPTION:
A weakness has been reported in OCS Inventory NG, which can be exploited by malicious people to potentially identify valid user accounts.

The application's web interface returns different error messages depending on whether an unsuccessful login attempt is performed with a valid or invalid username. This can be exploited to potentially identify valid usernames via multiple login attempts.

The weakness is reported in version 1.01. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that a single, uniform error message is returned whenever an unsuccessful login attempt is made.

PROVIDED AND/OR DISCOVERED BY:
Reported by Will Aoki in a Debian bug report.

ORIGINAL ADVISORY:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344