CVE-2004-1697
Summary
| CVE | CVE-2004-1697 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-09-21 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ca | Unicenter Management | portal_2.0 | All | All | All |
| Application | Ca | Unicenter Management | portal_3.1 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Computer Associates Unicenter Management Portal Username Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch, Vendor Advisory |
| 'CA UniCenter Management Portal Username Enumeration Vulnerability' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | |
| Secunia - Advisories - CA UniCenter Management Portal Username Disclosure Weakness | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.