Remedy Action Request System Username Enumeration Vulnerability
BID:22066
Info
| Bugtraq ID: | 22066 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2007 12:00AM |
| Updated: | Jan 17 2007 09:31PM |
| Credit: | Davide Del Vecchio is credited with the discovery of this vulnerability. |
| Vulnerable: | Remedy AR System 5.1.2 |
| Not Vulnerable: | Remedy AR System 7.0; Remedy AR System 6.03 |
Discussion
Remedy Action Request System is prone to a username-enumeration vulnerability because of a design error in the application when verifying user-supplied input.
Attackers may exploit this vulnerability to discern valid usernames. This may aid them in brute-force password cracking or other attacks.
Version 5.01.02 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue via a web client.
Solution / Fix
Solution:
The vendor has released fixes to address this issue; please contact the vendor for details on how to obtain product fixes.