CVE-2005-3101

The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.

Published: Sep 29, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3101
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
six_apart / movable_type	3.17	3.17.x

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html
http://secunia.com/advisories/16899
http://www.securityfocus.com/bid/14911

Vulnerability Database

290,919

CVE-2005-3101