Vulnerabilities > CVE-2011-4678 - Credentials Management vulnerability in Oneclickorgs ONE Click Orgs

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

oneclickorgs

CWE-255

NVD

Published: 2011-12-06

Updated: 2011-12-08

Summary

The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests.

Vulnerable Configurations

Part	Description	Count
Application	Oneclickorgs Oneclickorgs ONE Click Orgs 1.0.0 Oneclickorgs ONE Click Orgs 1.0.1 Oneclickorgs ONE Click Orgs 1.1.0 Oneclickorgs ONE Click Orgs 1.1.1 Oneclickorgs ONE Click Orgs 1.2.0 Oneclickorgs ONE Click Orgs 1.2.1 Oneclickorgs ONE Click Orgs *	7

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://dmcdonald.net/?page_id=43
https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain