Tarantella Enterprise information disclosure
tarantella-enterprise-obtain-information (19407)
Description:
Tarantella Enterprise could allow a remote attacker to determine whether a valid username currently exists and which authentication method is being used. If multiple users share a single username with RSA SecurID, a remote attacker could trigger a failed login attempt that causes the system to display an error message, allowing the attacker to determine whether a valid username currently exists on the system and the method of authentication that is being used.
Consequences:
Gain Access
Remedy:
No remedy available as of July 9, 2011.
References:
- Secure Global Desktop Enterprise Edition Web page: Secure Global Desktop Enterprise Edition.
- Tarantella Enterprise Web page: Tarantella Enterprise 3.
- BID-12591: Tarantella Enterprise/Secure Global Desktop Remote Information Disclosure Vulnerability
- CVE-2005-0486: Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.
Platforms Affected:
- Sun Secure Global Desktop 3.42
- Sun Secure Global Desktop 4.0 Enterprise
- Tarantella Tarantella Enterprise 3.30
- Tarantella Tarantella Enterprise 3.40
Reported:
Feb 18, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
