CVE-2008-1166

Published: Mar 5, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

Affected (5)

Products: Flyspray: Flyspray

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Flyspray Flyspray	Version 0.9.9.1
Flyspray Flyspray	Version 0.9.9.2
Flyspray Flyspray	Version 0.9.9.3
Flyspray Flyspray	Version 0.9.9.4
Flyspray Flyspray	Version 0.9.9

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://secunia.com/advisories/29215

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/489020/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/40964

Source: cve@mitre.org

http://secunia.com/advisories/29215

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/489020/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/40964

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.