CVE-2009-1293

Name of the Vulnerable Software and Affected Versions Novell Teaming versions 1.0 through 1.0.3

Description The issue concerns the web login functionality, specifically the /portal/login API endpoint, where different error messages are generated based on whether the username is valid or invalid. This behavior allows remote attackers to more easily enumerate usernames.

Recommendations For Novell Teaming versions 1.0 through 1.0.3, consider modifying the error handling mechanism in the /portal/login API endpoint to return generic error messages, regardless of the validity of the username, until a more comprehensive fix is available. As a temporary workaround, restrict access to the /portal/login endpoint to minimize the risk of exploitation.