CVE-2005-3101

Properties

Published:
27.09.2005
Updated:
21.09.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:C/I:N/A:N/B:N) Approximated
    Product:
    Six Apart: Movable Type

    Vulnerability description

    The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.

    References:

    BID: http://www.securityfocus.com/bid/14911
    SECUNIA: http://secunia.com/advisories/16899
    FULLDISC: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html