User Enumeration Vulnerability in IBM Rational ClearQuest
CVE-2014-3105 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.
Learn more about our Cis Benchmark Audit For Ibm I.