CVE-2009-1769
Published 2009-05-22
Priority P4 · 23 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.56% (72.1th percentile)
The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ocsinventory-server | < ocsinventory-server 1.02.1-1 (bookworm) | ocsinventory-server 1.02.1-1 (bookworm) |
| ocsinventory-ng | ocs_inventory_ng | — | — |
CVSS provenance
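| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | LOW | |
| vendor_redhat | | 5.0 | MEDIUM | |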
Red Hat
NG: Authentication result varies for existent and non-existent users
vendor_redhat·2009-05-18·CVSS 5.0
CVE-2009-1769 [MEDIUM] NG: Authentication result varies for existent and non-existent users
Debian
CVE-2009-1769: ocsinventory-server - The web interface in Open Computer and Software Inventory Next Generation (OCS I...
vendor_debian·2009·CVSS 5.0
CVE-2009-1769 [MEDIUM] CVE-2009-1769: ocsinventory-server - The web interface in Open Computer and Software Inventory Next Generation (OCS I...
Scope: local
bookworm: resolved (fixed in 1.02.1-1)
bullseye: resolved (fixed in 1.02.1-1)
sid: resolved (fixed in 1.02.1-1)
GHSA
GHSA-22rf-ghp5-fc8x: The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1
ghsa_unreviewed·2022-05-02
CVE-2009-1769 [MEDIUM] CWE-200 GHSA-22rf-ghp5-fc8x: The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1
OSV
CVE-2009-1769: The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1
osv·2009-05-22·CVSS 5.0
CVE-2009-1769 [MEDIUM] CVE-2009-1769: The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1
No detection rules found.
No public exploits indexed.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344
http://secunia.com/advisories/35157
http://secunia.com/advisories/35313
http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69
http://www.securityfocus.com/bid/35023
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html