Vulnerabilities > CVE-2002-0212 - Information Disclosure vulnerability in Hosting Controller

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

hosting-controller

NVD

Published: 2002-05-16

Updated: 2016-10-18

Summary

The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack.

Vulnerable Configurations

Part	Description	Count
Application	Hosting_Controller Hosting Controller Hosting Controller 1.1 Hosting Controller Hosting Controller 1.3 Hosting Controller Hosting Controller 1.4 Hosting Controller Hosting Controller 1.4.1 Hosting Controller Hosting Controller 1.4B	5

References

http://hostingcontroller.com/English/patches/ForAll/index.html
http://marc.info/?l=bugtraq&m=101224151705897&w=2
http://www.iss.net/security_center/static/8006.php
http://www.securityfocus.com/bid/3971