[Original] IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generate different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
IBM Rational ClearQuest Error Message User Enumeration
Vendor Verified
–
Vulnerability Description
IBM Rational ClearQuest contains a flaw that may lead to an unauthorized information disclosure. The issue allows malicious people to identify valid user accounts. The problem is that different error messages are returned depending on whether an unsuccessful login attempt is performed with a valid or invalid username.
–
Timeline
2008-03-04
Unknown
Unknown
Unknown
–
Solution
Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability (7.0.1.1-ifix01 and 7.0.0.2-ifix01).