• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Hosting Controller Information Disclosure Vulnerability

Hosting Controller is an application which centralizes all hosting tasks to one interface. Hosting Controller gives every user the required control they need to manage the appropriate web site relevant to them. Hosting Controller runs on Microsoft Windows systems.

An issue has been discovered in Hosting Controller which may make it easier for remote attackers to brute-force user accounts. When a user enters an invalid username, Hosting Controller gives the following feedback:

"The user name could not be found"

This allows the attacker to determine which usernames are valid. The attacker may then attempt a brute-force attack in an attempt to crack the passwords of valid usernames.