CVE-2009-2435

Metadata

CVE-2009-2435
5.0
securityfocus.com, senseofsecurity.com.au
2009-07-13
2017-06-06 20:20

Description

The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Related Vulnerabilities