CVE Vulnerabilities

CVE-2009-2435

Published: Jul 13, 2009 | Modified: Jul 13, 2009
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Affected Software

Name Vendor Start Version End Version
Lotus_instant_messaging_and_web_conferencing Ibm 6.5.1 6.5.1

References