Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Lotus Domino用户名可被暴力猜测漏洞
Vulnerability Description
Lotus Domino Server是一个基于Web进行协同工作的软件包,它运行于包括Windows和Unix的多种系统之下。 Lotus Domino Server实现上存在漏洞,远程攻击者可以利用漏洞猜测有效的用户名。 当攻击者对某个用户名提交一个GET请求时,如果用户名有效,服务器会返回"HTTP 200 OK"信息,反之,服务器会返回"404 File not Found"错误信息。攻击者因此可以利用这些信息的差别暴力猜测有效的用户名,主机可能因此泄露用户相关的信息,方便攻击者进一步攻击。
CVSS Information
N/A
Vulnerability Type
N/A