CVE-2008-1166

CVE-2008-1166

EPSS 1.2%

Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/29215 https://exchange.xforce.ibmcloud.com/vulnerabilities/40964 http://www.securityfocus.com/archive/1/489020/100/0/threaded