The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an malicious user to discover the names of valid user accounts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ovirt ovirt-engine |
||
redhat virtualization 4.0 |
||
redhat virtualization_host 4.0 |