WebCalendar versions 1.2.5 and 1.2.6 allow an attacker to determine a valid user id on the system. After submitting an invalid ID the software, “Invalid Login: no such user.” Please see screen shot below.
Twitter feed"Ty @DC_BHV attendees 4 awesome reviews @defcon. No vendor names, no vulns discl. Only Q&A slide, back story, & rec 2 isolate & DiD all PACS."38 days ago"Neat video on a physical security safe hack. Safe gap vuln reminds me of same vuln in Masterlock dial/combo locks: https://t.co/EdSjiFPAKd"45 days ago"Here's a debate: very busy NYC Starbucks protected it's bathroom w/12345. Is keypad pwd length & "complexity" OK given resource & attackers?"46 days ago"Not the best password.... https://t.co/jAIMK3GjUN"48 days ago"Looking forward to speaking at DefCon this year in the BioHacking Village on some vulnerable healthcare software. https://t.co/B7CyvOBikP"49 days ago"Looking forward to moderating a panel at this @owaspnyc event. Hope to see you there: https://t.co/auqeD30mfT https://t.co/7aP0J6aMw0"84 days ago"😂😜 #wannacry https://t.co/nQqzWZCgUN"117 days ago"#wannacry is a reminder that Defense will always be harder than Offense. Now, will we see an increase in worms written? Like early 2000s?"117 days ago"😂 https://t.co/5oUr3NgtOa https://t.co/w18FQxC89k"129 days ago"Representing @owaspnyc with @RedTeamBlueTeam! Drink hacking at it's finest.... https://t.co/fKPxzda3T1"148 days ago