CVE-2004-1697
Summary
| CVE | CVE-2004-1697 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-09-21 04:00:00 UTC |
| Updated | 2017-07-11 01:31:00 UTC |
| Description | The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ca | Unicenter Management | portal_2.0 | All | All | All |
| Application | Ca | Unicenter Management | portal_3.1 | All | All | All |
| Application | Ca | Unicenter Management | portal_2.0 | All | All | All |
| Application | Ca | Unicenter Management | portal_3.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 'CA UniCenter Management Portal Username Enumeration Vulnerability' - MARC | BUGTRAQ | marc.info | |
| Secunia - Advisories - CA UniCenter Management Portal Username Disclosure Weakness | SECUNIA | secunia.com | Patch, Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Computer Associates Unicenter Management Portal Username Disclosure Vulnerability | BID | www.securityfocus.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.