CVE-2005-0797

Summary

CVE	CVE-2005-0797
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-03-15 05:00:00 UTC
Updated	2016-10-18 03:14:00 UTC
Description	Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Novell	Ichain	2.2	All	All	All
Application	Novell	Ichain	2.2	sp1	All	All
Application	Novell	Ichain	2.2	sp1a	All	All
Application	Novell	Ichain	2.2	sp2	All	All
Application	Novell	Ichain	2.2	sp3	All	All
Application	Novell	Ichain	2.2.113	All	All	All
Application	Novell	Ichain	2.3	All	All	All
Application	Novell	Ichain	2.3	sp2	All	All
Application	Novell	Ichain	2.2	All	All	All
Application	Novell	Ichain	2.2	sp1	All	All
Application	Novell	Ichain	2.2	sp1a	All	All
Application	Novell	Ichain	2.2	sp2	All	All
Application	Novell	Ichain	2.2	sp3	All	All
Application	Novell	Ichain	2.2.113	All	All	All
Application	Novell	Ichain	2.3	All	All	All
Application	Novell	Ichain	2.3	sp2	All	All

References

Reference	Source	Link	Tags
Novell iChain Mini FTP Server Remote Information Disclosure Vulnerability	BID	www.securityfocus.com	Vendor Advisory
Secunia - Advisories - Novell iChain miniFTP Server Brute Force Weakness	SECUNIA	secunia.com	Vendor Advisory
ISR, Infobyte Security Research	MISC	www.infobyte.com.ar	Vendor Advisory
'[ISR] - Novell iChain Mini FTP Server Valid User Disclosure Vulnerability' - MARC	BUGTRAQ	marc.info
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.