• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20001124 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20010119-01)
Votes (Legacy)
ACCEPT(1) Mell
MODIFY(1) Frech
NOOP(1) Cole
Comments (Legacy)
 Frech> XF:corporatetime-brute-force(5529)

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.