PT-2014-6300 · Innovative Interfaces · Innovative Interfaces Sierra Library Services Platform

Published: 2014-09-02 · Updated: 2018-10-09 · CVE-2014-5137

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Innovative Interfaces Sierra Library Services Platform version 1.2 3

Description

The issue allows remote attackers to enumerate account names via a series of login requests. This is possibly related to the Webpac Pro submodule, where different responses are provided for login requests depending on whether the user account exists.

Recommendations

For Innovative Interfaces Sierra Library Services Platform version 1.2 3, consider restricting access to the login functionality to minimize the risk of account enumeration until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-5137

Affected Products

Innovative Interfaces Sierra Library Services Platform
Webpac Pro