Vulnerability Description
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ca | Unicenter Management | portal_2.0 |
References
- http://marc.info/?l=bugtraq&m=109579952809320&w=2
- http://secunia.com/advisories/12620PatchVendor Advisory
- http://www.securityfocus.com/bid/11229PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17464
- http://marc.info/?l=bugtraq&m=109579952809320&w=2
- http://secunia.com/advisories/12620PatchVendor Advisory
- http://www.securityfocus.com/bid/11229PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17464
FAQ
What is CVE-2004-1697?
CVE-2004-1697 is a vulnerability with a CVSS score of 7.5 (HIGH). The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allo...
How severe is CVE-2004-1697?
CVE-2004-1697 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1697?
Check the references section above for vendor advisories and patch information. Affected products include: Ca Unicenter Management.