PT-2007-4946 · Sun · Sun Java System Access Manager
Published: 2007-07-11 · Updated: 2017-07-29 · CVE-2007-3700
CVSS v2.0: 1.7 (Low)
Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Sun Java System Access Manager versions before 20070710
Description
The issue allows local users to gain privileges by reading the debug log file. It occurs when the com.iplanet.services.debug.level property in AMConfig.properties is set to the message debug level, which causes cleartext login passwords to be written to the log.
Recommendations
For Sun Java System Access Manager versions before 20070710, consider changing the com.iplanet.services.debug.level property in AMConfig.properties so that cleartext login passwords are not logged. As a temporary workaround, restrict access to the /var/opt/SUNWam/debug/amAuth log file to minimize the risk of exploitation.
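One way to check a host for both conditions named above, as an added example that is not part of the original advisory or of Sun's tooling. The function names are hypothetical, and the location of AMConfig.properties is passed in by the caller because the advisory does not give it.

```shell
#!/bin/sh
# Added example: audit for the two conditions described in this advisory.
# Assumption: the AMConfig.properties path is supplied by the caller,
# because the advisory does not state where the file is installed.

# Print the effective value of com.iplanet.services.debug.level.
# Java properties semantics: '#'/'!' start comments, '=' or ':' separates
# key and value, and the last definition of a key wins.
debug_level() {
  awk -F'[=:]' '
    /^[ \t]*[#!]/ { next }
    { key = $1; gsub(/[ \t]/, "", key) }
    key == "com.iplanet.services.debug.level" {
      val = $2; gsub(/[ \t\r]/, "", val); found = val
    }
    END { print found }
  ' "$1"
}

# Return 0 when neither condition holds, 1 when at least one does.
audit_am_debug() {
  props=$1; log=$2; rc=0
  level=$(debug_level "$props" | tr 'A-Z' 'a-z')
  if [ "$level" = "message" ]; then
    echo "FINDING: debug level is 'message' in $props"
    rc=1
  fi
  if [ -e "$log" ]; then
    # Characters 5 and 8 of the ls mode string are group-read and other-read.
    # ACLs are not inspected here.
    bits=$(ls -ld "$log" | cut -c5,8)
    if [ "$bits" != "--" ]; then
      echo "FINDING: $log is readable by group or other ($bits)"
      rc=1
    fi
  fi
  return "$rc"
}

# Usage: sh check.sh /path/to/AMConfig.properties /var/opt/SUNWam/debug/amAuth
if [ "$#" -eq 2 ]; then
  audit_am_debug "$1" "$2"
fi
```

A log that was written while the message level was active may still hold passwords after the property is changed, so existing amAuth files need the same permission check.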
Fix
Related identifiers
Affected products
Sun Java System Access Manager