Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1076

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-1076
Last Modified 25 Mar 2009 12:00:00
Published 25 Mar 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1076

Summary

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Vulnerable Systems

Application

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1

  • Sun Java System Identity Manager 7.1.1

  • Sun Java System Identity Manager 8.0


References

BID - 34191

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1

VUPEN - ADV-2009-0797

SUNALERT - 253267

SECTRACK - 1021881

SECUNIA - 34380

CONFIRM - http://blogs.sun.com/security/entry/sun_alert_253267_sun_java


Last Updated: 27 May 2016 10:50:27