CVE-2009-1077
N/A
N/A
Summary
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1
- http://securitytracker.com/id?1021881
- http://www.securityfocus.com/bid/34191
- http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
- http://www.vupen.com/english/advisories/2009/0797
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1
- http://secunia.com/advisories/34380
References
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1
- http://securitytracker.com/id?1021881
- http://www.securityfocus.com/bid/34191
- http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
- http://www.vupen.com/english/advisories/2009/0797
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1
- http://secunia.com/advisories/34380
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.