Information Disclosure: Differential Error Messages in CS&T CorporateTime for the Web

Information Disclosure: Differential Error Messages in CS&T CorporateTime for the Web

CVE-2000-1030 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server.

Learn more about our Web App Pen Testing.