CVE-2004-0939

Name of the Vulnerable Software and Affected Versions: Neoteris Instant Virtual Extranet (IVE) versions 3.x through 4.x

Description: The issue allows remote attackers to guess passwords via a brute force attack because the changepassword.cgi script does not limit the number of times a bad password can be entered, specifically when LDAP authentication or NT domain authentication is enabled.

Recommendations: For Neoteris Instant Virtual Extranet (IVE) versions 3.x through 4.x, consider implementing a workaround to limit the number of failed login attempts to prevent brute force attacks, such as temporarily disabling the changepassword.cgi script or restricting access to it until a proper fix is available.