pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2009-05-28T20:14:00
Updated: 2018-10-10T18:57:01
Reserved: 2009-04-23T00:00:00
Link: CVE-2009-1384
JSON object: View
NVD Information
Status : Modified
Published: 2009-05-28T20:30:00.217
Modified: 2018-10-10T19:36:22.703
Link: CVE-2009-1384
JSON object: View
Redhat Information
No data.
CWE