IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
References
Configurations
Information
Published : 2007-12-17 10:46
Updated : 2018-10-15 14:53
NVD link : CVE-2007-6408
Mitre link : CVE-2007-6408
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
ibm
- tivoli_provisioning_manager_express