← volver
CVE-2009-1384

CVE-2009-1384

EPSS 3.3%
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://osvdb.org/54791https://bugzilla.redhat.com/show_bug.cgi?id=502602http://secunia.com/advisories/35230http://secunia.com/advisories/43314https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652http://www.mandriva.com/security/advisories?name=MDVSA-2010:054http://www.openwall.com/lists/oss-security/2009/05/27/1http://www.securityfocus.com/archive/1/516397/100/0/threadedhttp://www.securityfocus.com/bid/35112http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlhttp://www.vupen.com/english/advisories/2009/1448