|
Tarantella Products User Account Enumeration Security Issue
|
|
Secunia Advisory:
|
SA14348
|
|
|
Release Date:
|
2005-02-21
|
|
Popularity:
|
5,394 views
|
|
|
Critical:
|
 Less critical
|
|
Impact:
|
Exposure of system information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Workaround
|
|
| Software: | Secure Global Desktop 3.x Secure Global Desktop 4.x Tarantella Enterprise 3.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2005-0486
|
|
Description: A security issue has been reported in Secure Global Desktop Enterprise Edition and Tarantella Enterprise, which can be exploited by malicious people to enumerate valid user accounts and disclose some system information.
The error message returned for failed logins discloses if the user account exists and if RSA SecurID authentication is in use.
Successful exploitation requires that RSA SecurID is enabled and that users share the same username.
The following products are reportedly affected:
* Secure Global Desktop Enterprise Edition, version 4.00
* Secure Global Desktop Enterprise Edition, version 3.42
* Tarantella Enterprise 3, version 3.40
* Tarantella Enterprise 3, version 3.30
Solution: Ensure that no RSA username is mapped to more than one ENS user object.
The security issue will reportedly be fixed in releases later than 4.00.
Provided and/or discovered by: The vendor credits Eliot Mansfield.
Original Advisory: http://www.tarantella.com/security/bulletin-11.html
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|