CVE-2011-4678

{"id": "CVE-2011-4678", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-06T11:55:07.627", "references": [{"url": "http://dmcdonald.net/?page_id=43", "source": "cve@mitre.org"}, {"url": "https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The password reset feature in One Click Orgs before 1.2.3 generates different error messages for failed reset attempts depending on whether the e-mail address is registered, which allows remote attackers to enumerate user accounts via a series of requests."}, {"lang": "es", "value": "La funci\u00f3n de reseteo de contrase\u00f1a en One Click Orgs antes de su versi\u00f3n v1.2.3 genera diferentes mensajes de error para los intentos de restablecer contrase\u00f1a dependiendo de si la direcci\u00f3n de correo electr\u00f3nico est\u00e1 registrada o no, lo que permite a atacantes remotos obtener las cuentas de usuario registradas a trav\u00e9s de peticiones repetitivas."}], "lastModified": "2011-12-08T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oneclickorgs:one_click_orgs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "986482E2-0875-41FD-B10F-1D415229722E", "versionEndIncluding": "1.2.2"}, {"criteria": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E19D160-676C-4D93-8224-DD3BA7296A56"}, {"criteria": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0551C219-6CD6-4DBB-B36F-54B750EDA9F6"}, {"criteria": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04E09162-B070-441F-BE2D-EF2C5F515339"}, {"criteria": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20A2140E-685F-41E7-AEC4-82DEBC2B3B60"}, {"criteria": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D9A2D4-CC43-453E-A3A6-17DD21988617"}, {"criteria": "cpe:2.3:a:oneclickorgs:one_click_orgs:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43103D6D-C861-409B-BC58-036B735F5C4C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}