PT-2004-2603 · Ca · Ca Unicenter Management Portal

Thomas Adams · Published 2004-09-21 · Updated 2017-07-11 · CVE-2004-1697

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CA Unicenter Management Portal versions 2.0 through 3.1

Description

The issue concerns the "Forgot your Password" link, which displays different error messages for existing and non-existing users. This could allow remote attackers to guess valid usernames.

Recommendations

For CA Unicenter Management Portal versions 2.0 through 3.1, consider modifying the error messages displayed by the "Forgot your Password" link to be generic, avoiding the disclosure of username existence. As a temporary workaround, restrict access to the "Forgot your Password" link until a more permanent solution is implemented.
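
The generic-message recommendation above, sketched as an added example that is not part of the original advisory and is not CA's code: a password-reset handler with the described behaviour beside a hardened one, plus a regression check that the replies for a real and a non-existent user are identical. The handler names, account store and message texts are hypothetical.

```python
"""Added example: user enumeration via a password-reset form, and the generic-response fix."""
from dataclasses import dataclass, field

# Constructed sample account store (hypothetical usernames and addresses).
USERS = {"alice": "alice@example.test", "bob": "bob@example.test"}
GENERIC = "If that account exists, password reset instructions have been sent."


@dataclass
class Response:
    status: int
    body: str


@dataclass
class Outbox:
    sent: list = field(default_factory=list)

    def send_reset(self, address: str) -> None:
        self.sent.append(address)  # stand-in for queuing a reset e-mail


def forgot_password_vulnerable(username: str, outbox: Outbox) -> Response:
    """Behaviour the advisory describes: the reply differs by account existence."""
    email = USERS.get(username.strip().lower())
    if email is None:
        return Response(404, "Unknown user.")
    outbox.send_reset(email)
    return Response(200, "Reset instructions sent.")


def forgot_password_hardened(username: str, outbox: Outbox) -> Response:
    """Same side effect for real accounts, identical reply for every input."""
    email = USERS.get(username.strip().lower())
    if email is not None:
        outbox.send_reset(email)
    return Response(200, GENERIC)


def leaks_existence(handler, known_user: str, bogus_user: str) -> bool:
    """Regression check: True if the handler's replies distinguish the two users."""
    return handler(known_user, Outbox()) != handler(bogus_user, Outbox())


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_existence(forgot_password_vulnerable, "alice", "no-such-user"))
    print("hardened leaks:  ", leaks_existence(forgot_password_hardened, "alice", "no-such-user"))
```

The check compares status code and body only; response timing is outside what it measures.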

Fix


Related identifiers

CVE-2004-1697

Affected products

Ca Unicenter Management Portal