CVE-2009-1769

Published: May 22, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.

Affected (1)

Products: Ocsinventory Ng: Ocs Inventory Ng

Ocsinventory Ng

1 product

Ocs Inventory Ng

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ocsinventory Ng Ocs Inventory Ng	Version 1.01

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344

Source: cve@mitre.org

http://secunia.com/advisories/35157

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35313

Source: cve@mitre.org

Vendor Advisory

http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69

Source: cve@mitre.org

http://www.securityfocus.com/bid/35023

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344