CVE-2009-1076
N/A
N/A
Summary
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1
- http://securitytracker.com/id?1021881
- http://www.securityfocus.com/bid/34191
- http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
- http://www.vupen.com/english/advisories/2009/0797
- http://secunia.com/advisories/34380
References
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1
- http://securitytracker.com/id?1021881
- http://www.securityfocus.com/bid/34191
- http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
- http://www.vupen.com/english/advisories/2009/0797
- http://secunia.com/advisories/34380
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.