Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Lotus Sametime用户名枚举漏洞
Vulnerability Description
Lotus Sametime是IBM推出的统一商务协作平台,集成了即时消息与Web会议、语音通讯、移动设备等服务。 在试图登录到Lotus Sametime时,如果用户提交的是有效的用户名和无效口令,服务器经过5-8秒返回Invalid logon出错消息,而如果提及了无效的用户名和无效的口令,只需1-3秒就会返回上述出错消息。攻击者可以利用这个时间上的差异判断用户名是否有效。
CVSS Information
N/A
Vulnerability Type
N/A