CVE-2002-0580

Name of the Vulnerable Software and Affected Versions WorkforceROI Xpede version 4.1

Description The issue allows remote attackers to obtain the database username by making a request to the "datasource.asp" endpoint, which leaks the username in a form. This leak facilitates brute force password guessing attacks.

Recommendations For version 4.1, restrict access to the "datasource.asp" endpoint to minimize the risk of exploitation. As a temporary workaround, consider modifying the datasource.asp page to prevent the leakage of the database username until a more permanent fix is available.