CVE-2001-1528
published 2001-12-31CVE-2001-1528: AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to…
PriorityP423medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
7.91%
94.0th percentile
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
CWE
Exposure of Sensitive Information to an Unauthorized Actor
mitre_cwe
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. Some kinds of sensitive information include: private, personal information, such as personal messages, financial data, health records, geographic location, or contact details system status and environment, such as the operating system and installed packages business secrets and intellectual property network status and confi
CWE
Observable Discrepancy
mitre_cwe
CWE-203 Observable Discrepancy
CWE-203: Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product's operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Access
CWE
Observable Response Discrepancy
mitre_cwe
CWE-204 Observable Response Discrepancy
CWE-204: Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Modes of Introduction:
Phase: Architecture and Design
Note: An observable response discrepancy frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. The discrepancy could be inadvertent (bug) or intentional (design).
Phase: Implementation
Note: An observable response discrepancy frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. The discrepancy could be inadvertent (bug) or
http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.htmlhttp://www.iss.net/security_center/static/7185.phphttp://www.securityfocus.com/bid/3371http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.htmlhttp://www.iss.net/security_center/static/7185.phphttp://www.securityfocus.com/bid/3371
2001-12-31
Published