The error message associated with a bad password changed. It's different with 6.3. I don't remember about 6.0. I believe that the error message was changed to address this issue. Dave
________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of Axton Sent: Tuesday, January 16, 2007 6:25 PM To: [email protected] Subject: Re: Remedy Vulnerability ** Enumeration implies a full list of accounts can be retrieved. This individual seems to have a track record of exploit discoveries: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0547.html http://www.security-express.com/archives/fulldisclosure/2004-09/0189.htm l http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-09/007 2.html http://www.securitytracker.com/alerts/2004/Feb/1009069.html and on and on... In any case, I've added it to the list on arswiki: http://arswiki.org/wiki/ARS_Vulnerabilities Axton Grams On 1/16/07, David Yearsley <[EMAIL PROTECTED]> wrote: ** One of our security people found this website http://www.securityfocus.com/bid/22066/discuss and is very. We have not been on version 5.01.02 for sometime and I was wondering if this vulnerability has been address in later version? Thanks for any information. __20060125_______________________This posting was submitted with HTML in it___ __20060125_______________________This posting was submitted with HTML in it___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
