PR06-02: SiteScape Forum username enumeration

Date found: 23rd January 2006

Vulnerable: 7.2 and possibly earlier versions.

Severity: Medium

CVE reference: CVE-2006-2676

Credits: Richard Brain of ProCheckUp Ltd (www.procheckup.com)

Description:

The SiteScape Forum program, 'dispatch.cgi/_user/uservCard/', allows the enumeration of valid usernames through differing responses to requests.

When a user requests a URL such as the following:

http://[target]/forum/dispatch.cgi/_user/uservCard/[valid username]/

A vCard containing the user's information is downloaded.

If an invalid username is queried, an Internal Error is triggered, e.g.:

"SiteScape Enterprise Forum Internal Error."

Consequences:

The successful enumeration of valid usernames may allow attackers to perform password attacks against known user accounts.

Fix:

Please contact SiteScape to obtain the necessary patches.

References:

http://www.procheckup.com/Vulnerability_2006.php
http://www.sitescape.com

Legal:

Copyright 2006 ProCheckUp Ltd.

All rights reserved. Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if the Bulletin is not changed or edited in any way, is attributed to ProCheckUp indicating this web page URL, and provided such reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited.

ProCheckUp is not liable for any misuse of this information by any third party. ProCheckUp is not responsible for the content of external Internet sites.