=======================================================================

Products:      Absolute Poker, PokerStars

URLs:          http://www.absolutepoker.com
	       http://www.pokerstars.com
               

Vulnerability: Remote Username Enumeration

Affected:      All Vendors Listed

=======================================================================


Details:

Multiple Online Poker Softwares have a user enumeration vulnerability
in their authentication systems. Attackers could take advantage of this
flaw to brute force accounts for these online poker vendors. Here is
the login data for those affected:

[Absolute Poker]

RIGHT username, WRONG password:

"Incorrect password has been entered. Please make sure the password is correct."

WRONG username, WRONG password:

"Login ID is not recognized. Please make sure the ID is correct."

..........

[PokerStars]

RIGHT username, WRONG password:

"The password you entered is incorrect. Please try again"

WRONG username, WRONG password:

"The UserID (nickname) you entered is incorrect. Please try again"

========================================================================

Jeremy Brown [0xjbrown41@gmail.com/jbrownsec.blogspot.com]