CVE-2009-1769 - OpenCVE

The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ocsinventory-ng	Ocs Inventory Ng

Configuration 1 [-]

cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344
http://secunia.com/advisories/35157	Vendor Advisory
http://secunia.com/advisories/35313	Vendor Advisory
http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69
http://www.securityfocus.com/bid/35023
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-22T18:00:00

Updated: 2009-06-06T09:00:00

Reserved: 2009-05-22T00:00:00

Link: CVE-2009-1769

JSON object: View

NVD Information

Status : Modified

Published: 2009-05-22T18:30:00.313

Modified: 2023-11-07T02:03:59.710

Link: CVE-2009-1769

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-06-06T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69"}, {"name": "35157", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35157"}, {"name": "35313", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35313"}, {"name": "35023", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35023"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"name": "FEDORA-2009-5773", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}, {"name": "FEDORA-2009-5769", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"name": "FEDORA-2009-5764", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=69", "refsource": "MISC", "url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=69"}, {"name": "35157", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35157"}, {"name": "35313", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35313"}, {"name": "35023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35023"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"name": "FEDORA-2009-5773", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}, {"name": "FEDORA-2009-5769", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"name": "FEDORA-2009-5764", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1769", "datePublished": "2009-05-22T18:00:00", "dateReserved": "2009-05-22T00:00:00", "dateUpdated": "2009-06-06T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."}, {"lang": "es", "value": "La interfaz web en Open Computer and Software Inventory Next Generation (OCS Inventory NG) versi\u00f3n 1.01 genera diferentes mensajes de error dependiendo de si un nombre de usuario es v\u00e1lido, lo que permite a los atacantes remotos enumerar nombres de usuarios v\u00e1lidos."}], "id": "CVE-2009-1769", "lastModified": "2023-11-07T02:03:59.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-22T18:30:00.313", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35157"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35313"}, {"source": "cve@mitre.org", "url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35023"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}