Description
BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
Affected products
- BMC / remedy_action_request_system5.01.02_patch_1267 – 5.01.02_patch_1267
References
- MISChttp://securityreason.com/securityalert/2162
- MISChttp://www.securityfocus.com/archive/1/457078/100/0/threaded
- VENDOR_ADVISORYhttp://www.alighieri.org/advisories/advisory-remedy50102.txt
- MISChttp://www.securityfocus.com/bid/22066
- MISChttp://securitytracker.com/id?1017515
- MISChttp://www.securityfocus.com/archive/1/456949/100/0/threaded
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/0204
- VENDOR_ADVISORYhttp://secunia.com/advisories/23775
- MISChttp://osvdb.org/31658
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/31527