User Enumeration Vulnerability in IBM Rational ClearQuest

User Enumeration Vulnerability in IBM Rational ClearQuest

CVE-2014-3105 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.

Learn more about our Cis Benchmark Audit For Ibm I.