CVE-2003-0637

CWE-2033 documents3 sources
Severity
5.0MEDIUM
EPSS
0.9%
top 23.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Ichain
Timeline
PublishedAug 27
Latest updateApr 29

Description

Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDnovell/ichain2.2

Patches

Patch: support.novell.comPatch: support.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-fv5q-cm23-v6v8: Novell iChain 22022-04-29
CVEList
CVE-2003-0637: Novell iChain 22003-08-02
CVE-2003-0637 (MEDIUM CVSS 5) | Novell iChain 2.2 before Support Pa | cvebase.io