Required CVE Record Information
Description
WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks.
References 3 Total
- iss.net: xpede-datasource-reveal-account(8902) vdb-entry
- archives.neohapsis.com: 20020419 Xpede many vulnerabilities mailing-list
- securityfocus.com: 4553 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- iss.net: xpede-datasource-reveal-account(8902) vdb-entryx_transferred
- archives.neohapsis.com: 20020419 Xpede many vulnerabilities mailing-listx_transferred
- securityfocus.com: 4553 vdb-entryx_transferred