Info

Disclosure

Nov 01, 2005

Discovery

Apr 07, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Ringtail CaseBook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker attempts to log into the system and receives varying error messages with each username attempt, disclosing whether the username is valid or not, resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 2005 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

FTI Consulting, Inc.

Ringtail CaseBook

6.1.0

References

Secunia Advisory ID: 17383
CVE ID: 2005-3480 (see also: NVD)
Related OSVDB ID: 20423
Other Advisory URL: http://www.procheckup.com/Vulner_PR0413.php
Vendor URL: http://www.ringtailsolutions.com/

Credit

Gemma Hughes - gemma.hughesprocheckup.com - ProCheckUp

Direct URL: http://osvdb.org/36218