Vulnerability: CVE-2013-1422 – WebCalendar 1.2.5 & 1.2.6 Valid User Determination

WebCalendar versions 1.2.5 and 1.2.6 allow an attacker to determine a valid user id on the system. After submitting an invalid ID the software, “Invalid Login: no such user.” Please see screen shot below.

no-such-user