CVE-2004-1697
Description
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: 2.0, 3.1
Patches
Vulnerability mechanics
Root cause
"The password-recovery endpoint returns different error messages for existing and non-existing usernames, enabling remote username enumeration."
Attack vector
An unauthenticated remote attacker connects to the management portal (default port 8080) and navigates to the 'Forgot your Password?' link. By submitting a username, the attacker observes the returned error message — a non-existent user yields 'User not found: <username>' while a valid user yields a different response [ref_id=1]. This information leak allows the attacker to enumerate valid usernames via a script, which can then be used to mount brute-force password attacks against the portal [ref_id=1].
Affected code
The vulnerability resides in the 'Forgot your Password' feature of CA Unicenter Management Portal 2.0 and 3.1. The portal's password-recovery logic returns distinct error messages depending on whether the submitted username exists: 'User not found: test' for invalid accounts versus 'Password has been sent' or 'Email address not Found' for valid ones [ref_id=1].
What the fix does
No patch is provided in the advisory; instead, the vendor recommends disabling the 'Forgot Password' feature entirely as a workaround. This is done by adding `show.passwords.in.api=false` to the `[PORTAL_INSTALL]\properties\local.properties` file and restarting the portal [ref_id=1]. Disabling the feature eliminates the information-leak vector because the attacker can no longer query the password-recovery endpoint to distinguish valid from invalid usernames.
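The enumeration oracle described under "Attack vector" and "Affected code", and the effect of the workaround above, as an added example. This is not code from CA or from the advisory: the three handlers are stand-ins for the portal's password-recovery endpoint (one reproducing the distinct messages the advisory quotes, one returning a single fixed message as a generic mitigation, one modelling the feature being disabled), the account table is constructed for the example, and the probe username is assumed not to exist. The enumerator masks the echoed username before comparing, so it classifies on the shape of the reply rather than its content.

```python
"""Username-enumeration oracle against a 'Forgot your Password' form.

Added example for this CVE page, not code from CA or the advisory. The handlers
are stand-ins for the portal endpoint; USERS is a constructed account table.
"""

# Constructed sample account table (assumption: not the portal's real user store).
USERS = {
    "admin": "admin@example.invalid",
    "operator": None,  # valid account with no e-mail address on file
}


def vulnerable_forgot_password(username: str) -> str:
    """Handler as the advisory describes it: the reply reveals whether the
    username exists ('User not found: <username>' vs. two 'valid user' replies)."""
    if username not in USERS:
        return f"User not found: {username}"
    if USERS[username] is None:
        return "Email address not Found"
    return "Password has been sent"


def uniform_forgot_password(username: str) -> str:
    """Generic mitigation (not the vendor's workaround): look the user up and
    send the reminder if one can be sent, but return one fixed message either way."""
    email = USERS.get(username)
    if email:
        pass  # a real handler would send the reminder here, without reporting it
    return "If the account exists, a password reminder has been sent."


def disabled_forgot_password(username: str) -> str:
    """Models the advisory's workaround: the feature is switched off, so every
    request receives the same refusal and there is nothing to compare."""
    return "Password recovery is disabled."


def normalize(response: str, username: str) -> str:
    """Mask the echoed username so replies are compared on form, not content."""
    return response.replace(username, "<user>")


def enumerate_users(handler, candidates, probe="zz-no-such-user-7f3a"):
    """Attacker's oracle: request a baseline for a username assumed not to exist,
    then report every candidate whose normalized reply differs from it."""
    baseline = normalize(handler(probe), probe)
    return [name for name in candidates
            if normalize(handler(name), name) != baseline]


if __name__ == "__main__":
    candidates = ["admin", "operator", "guest"]
    for label, handler in [("vulnerable", vulnerable_forgot_password),
                           ("uniform", uniform_forgot_password),
                           ("disabled", disabled_forgot_password)]:
        print(label, enumerate_users(handler, candidates))
```

Against the vulnerable handler the oracle returns `admin` and `operator` and excludes `guest`; against either fixed handler it returns nothing, because the baseline and every candidate produce the same reply. Note that a real check also has to account for timing differences: a handler that looks up the account and sends mail only for valid users can still leak existence through response latency even when the message is uniform.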
Preconditions
- network: The attacker must have network access to the CA Unicenter Management Portal (default port 8080).
- config: The 'Forgot your Password?' feature must be enabled (default configuration).
Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- secunia.com/advisories/12620 (nvd; Patch; Vendor Advisory)
- www.securityfocus.com/bid/11229 (nvd; Patch; Vendor Advisory)
- marc.info (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/17464 (nvd)