Test ID:	1.3.6.1.4.1.25623.1.0.80021
Category:	Web application abuses
Title:	WebCalendar < 1.0.4 User Account Enumeration Disclosure Vulnerability - Active Check
Summary:	The version of WebCalendar on the remote host is prone to a user; account enumeration weakness in that in response to login attempts it returns different error messages; depending on whether the user exists or the password is invalid.
Description:	Summary: The version of WebCalendar on the remote host is prone to a user account enumeration weakness in that in response to login attempts it returns different error messages depending on whether the user exists or the password is invalid. Solution: Upgrade to WebCalendar 1.0.4 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2247 BugTraq ID: 17853 http://www.securityfocus.com/bid/17853 Bugtraq: 20060504 WebCalendar User Account Enumeration Weakness (Google Search) http://www.securityfocus.com/archive/1/433053/100/0/threaded Bugtraq: 20060505 Re: WebCalendar User Account Enumeration Weakness (Google Search) http://www.securityfocus.com/archive/1/433077/100/0/threaded Debian Security Information: DSA-1056 (Google Search) http://www.debian.org/security/2006/dsa-1056 http://www.osvdb.org/25280 http://secunia.com/advisories/19974 http://secunia.com/advisories/20108 XForce ISS Database: webcalendar-user-information-disclosure(26262) https://exchange.xforce.ibmcloud.com/vulnerabilities/26262
Copyright	Copyright (C) 2008 David Maciejak

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.