PT-2005-3931 · Six Apart · Movable Type

Published: 2005-09-28 · Updated: 2008-09-05 · CVE-2005-3101

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Movable Type versions prior to 3.2

Description: The password reset feature generates different error messages depending on whether a user exists or not, allowing remote attackers to determine valid usernames.

Recommendations: For versions prior to 3.2, update to version 3.2 or later to resolve the issue. As a temporary workaround, consider modifying the password reset feature to return generic error messages, preventing attackers from determining valid usernames.
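The workaround above, sketched as an added example (not Movable Type code): a reset handler whose reply depends on account existence, beside one that returns a single generic reply, plus a regression check that compares the two replies. The handler names, messages and the account store are assumptions constructed for illustration.

```python
# Added example: constructed handlers and data, not Movable Type's own code.

USERS = {"alice": "alice@example.test"}  # constructed sample account store
OUTBOX = []                              # stands in for the outgoing mail queue

GENERIC = "If that account exists, a password reset message has been sent."


def reset_vulnerable(username):
    """Behaviour described in the advisory: the reply reveals account existence."""
    if username not in USERS:
        return 404, "No such user."
    return 200, "A reset link was sent to the address on file."


def reset_hardened(username, outbox=OUTBOX):
    """Same status and body for every username; mail is queued only for real accounts."""
    email = USERS.get(username)
    if email is not None:
        outbox.append(email)  # side effect the requester cannot observe in the reply
    return 200, GENERIC


def leaks_existence(handler, known, unknown):
    """Regression check: True if replies for a real and a bogus username differ."""
    return handler(known) != handler(unknown)


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_existence(reset_vulnerable, "alice", "nobody"))
    print("hardened leaks:  ", leaks_existence(reset_hardened, "alice", "nobody"))
```

The check compares status and body only; it does not cover differences in response time between the two code paths.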

Fix


Related Identifiers

CVE-2005-3101

Affected Products

Movable Type