Posted by naphthalin via Fulldisclosure on Sep 10
“I know where your children go to school.”
The web front end of the IServ school server from IServ GmbH allows user
enumeration. Responses to failed login attempts differ depending on
whether the user account exists or does not exist, and on other conditions. While
this does not pose a security risk in many applications, it has to be
considered extremely problematic in software designed for schools. Due
to the widespread use of IServ in…
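Added example, not from the original post and not IServ code: a constructed login handler whose failure responses reveal the account state, next to a hardened handler, plus a regression check that counts distinct failure responses. The account names, account states, status codes and messages are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def _make_user(password, active=True):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "active": active}

# Constructed sample accounts; names and states are illustrative only.
USERS = {
    "alice": _make_user("correct horse"),
    "bob": _make_user("battery staple", active=False),
}
# Dummy record so unknown names cost the same hashing work as real ones.
DUMMY = _make_user("placeholder")

GENERIC = (401, "Login failed.")

def login_leaky(username, password):
    """Failure response reveals the account state (the pattern described above)."""
    user = USERS.get(username)
    if user is None:
        return (404, "Unknown account.")
    if not user["active"]:
        return (403, "Account is disabled.")
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return (401, "Wrong password.")
    return (200, "Welcome.")

def login_uniform(username, password):
    """Every failure does the same work and returns the same response."""
    user = USERS.get(username)
    record = user if user is not None else DUMMY
    password_ok = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if user is not None and user["active"] and password_ok:
        return (200, "Welcome.")
    return GENERIC

def distinct_failure_responses(login, usernames, bad_password="wrong"):
    """Regression check: failed logins should produce exactly one response."""
    return {login(name, bad_password) for name in usernames}
```

Run as a regression test, `distinct_failure_responses` should return a single-element set for an existing, a disabled and a nonexistent account; the leaky handler returns three.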


