The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm lotus instant messaging and web conferencing 6.5.1 |