16 April 2009, 11:35
Novell Teaming vulnerabilities patched
SEC Consult, a security consulting service, has advised of three vulnerabilities in Teaming, Novell's collaboration and conferencing software. The first vulnerability relates to user authentication via a log-in form. Valid and invalid user names receive different responses from the web application, possibly allowing an attacker to generate a list of user names for a dictionary or brute force attack. The other two vulnerabilities could allow for a cross site scripting (XSS) attack.
Teaming 1.0.3 and prior versions are vulnerable. Patches for the log-in vulnerability and for the XSS vulnerabilities are available from Novell.
See also:
- Novell Teaming Multiple Vulnerabilities, security advisory from SEC.
(crve)
Print Version | Send by email
| Permalink: http://h-online.com/-741185
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
