{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-06-06T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69"}, {"name": "35157", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35157"}, {"name": "35313", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35313"}, {"name": "35023", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35023"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"name": "FEDORA-2009-5773", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}, {"name": "FEDORA-2009-5769", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"name": "FEDORA-2009-5764", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=69", "refsource": "MISC", "url": "http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=133&cntnt01returnid=69"}, {"name": "35157", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35157"}, {"name": "35313", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35313"}, {"name": "35023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35023"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"name": "FEDORA-2009-5773", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}, {"name": "FEDORA-2009-5769", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"name": "FEDORA-2009-5764", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:27:54.265Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69"}, {"name": "35157", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35157"}, {"name": "35313", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35313"}, {"name": "35023", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35023"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"name": "FEDORA-2009-5773", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}, {"name": "FEDORA-2009-5769", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"name": "FEDORA-2009-5764", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1769", "datePublished": "2009-05-22T18:00:00", "dateReserved": "2009-05-22T00:00:00", "dateUpdated": "2024-08-07T05:27:54.265Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."}, {"lang": "es", "value": "La interfaz web en Open Computer and Software Inventory Next Generation (OCS Inventory NG) versi\u00f3n 1.01 genera diferentes mensajes de error dependiendo de si un nombre de usuario es v\u00e1lido, lo que permite a los atacantes remotos enumerar nombres de usuarios v\u00e1lidos."}], "id": "CVE-2009-1769", "lastModified": "2024-11-21T01:03:18.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-22T18:30:00.313", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35157"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35313"}, {"source": "cve@mitre.org", "url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35023"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "NG: Authentication result varies for existent and non-existent users", "id": "502250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=502250"}, "csaw": false, "details": ["The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."], "name": "CVE-2009-1769", "public_date": "2009-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-1769\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-1769"], "threat_severity": "Low"}