Computer Associates XOsoft Username Enumeration Information Disclosure Vulnerability
BID:39244
Info
| Bugtraq ID: | 39244 |
| Class: | Access Validation Error |
| CVE: | CVE-2010-1221 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 06 2010 12:00AM |
| Updated: | Apr 06 2010 12:00AM |
| Credit: | Andrea Micalizzi aka rgod reported through the TippingPoint ZDI program. |
| Vulnerable: | Computer Associates XOsoft Replication r12.5, Computer Associates XOsoft Replication r12, Computer Associates XOsoft High Availability r12.5, Computer Associates XOsoft High Availability r12, Computer Associates XOsoft Content Distribution r12.5, Computer Associates XOsoft Content Distribution r12 |
| Not Vulnerable: | |
Discussion
Computer Associates XOsoft is prone to an information-disclosure vulnerability because of a lack of appropriate authentication.
Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks.
Exploit / POC
Attackers can exploit this issue using readily available networking tools.
Solution / Fix
Solution:
Updates are available. Please see the references for details.
Computer Associates XOsoft Content Distribution r12
- Computer Associates RO16643
  https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO16643
Computer Associates XOsoft High Availability r12.5
- Computer Associates RO15016
  https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO15016
Computer Associates XOsoft Replication r12
- Computer Associates RO16643
  https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO16643
Computer Associates XOsoft High Availability r12
- Computer Associates RO16643
  https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO16643
Computer Associates XOsoft Content Distribution r12.5
- Computer Associates RO15016
  https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO15016
Computer Associates XOsoft Replication r12.5
- Computer Associates RO15016
  https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO15016
References
References:
- CA Homepage (Computer Associates)
- CA20100406-01: Security Notice for CA XOsoft (Computer Associates)
- CA20100406-01: Security Notice for CA XOsoft ("Kotas, Kevin J")