In association with heise online

16 April 2009, 11:35

Novell Teaming vulnerabilities patched

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

SEC Consult, a security consulting service, has advised of three vulnerabilities in Teaming, Novell's collaboration and conferencing software. The first vulnerability relates to user authentication via a log-in form. Valid and invalid user names receive different responses from the web application, possibly allowing an attacker to generate a list of user names for a dictionary or brute force attack. The other two vulnerabilities could allow for a cross site scripting (XSS) attack.

Teaming 1.0.3 and prior versions are vulnerable. Patches for the log-in vulnerability and for the XSS vulnerabilities are available from Novell.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit