PT-2009-4239 · Ocs Inventory · Ocs Inventory Ng
Will Aoki
·
Published
2009-05-22
·
Updated
2009-09-09
·
CVE-2009-1769
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
OCS Inventory NG version 1.01
Description:
The issue in the web interface of OCS Inventory NG allows remote attackers to enumerate valid usernames by generating different error messages depending on whether a username is valid.
Recommendations:
For OCS Inventory NG version 1.01, consider modifying the error handling mechanism to prevent disclosure of valid usernames. As a temporary workaround, restrict access to the web interface to minimize the risk of exploitation.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ocs Inventory Ng