Back to search
CVE-2002-2410
Published: Nov 1, 2007
Modified: Sep 17, 2024
PUBLISHED
Description
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
open-webmail-information-disclosure(10684)
vdb-entry
x_refsource_XF
20021119 Open WebMail 1.71 "background" magic info
mailing-list
x_refsource_BUGTRAQ
6232
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now