Description: A weakness has been reported in IBM Rational ClearQuest, which can be exploited by malicious people to identify valid user accounts.
The problem is that different error messages are returned depending on whether an unsuccessful login attempt is performed with a valid or invalid username.
An issue regarding session cookies that contain user information has also been reported.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.