Kbase P181690: Progress OpenEdge Vulnerability: Packet sniffing shows specific packet signature when invalid userI
Author: Progress Software Corporation - Progress
Access: Public
Publication: 08/02/2011
Status: Unverified
SYMPTOM(s):
Packet sniffing shows specific packet signature when invalid userID is submitted.
FACT(s) (Environment):
All Supported Operating Systems
Progress 9.x
OpenEdge 10.x
CAUSE:
A third-party organization has identified a userID enumeration weakness.
When an incorrect userID is submitted for a connection attempt, the network packet is identifiably different from the packet seen when a valid userID is submitted.
This difference might be used to identify valid userIDs as one stage of a multi-stage attack on a system.
FIX:
Enable SSL on client and server connections to prevent this potential problem.