CVE-2009-1076

Name of the Vulnerable Software and Affected Versions Sun Java System Identity Manager (IdM) versions 7.0 through 8.0

Description The issue allows remote attackers to enumerate valid usernames by exploiting a difference in response to failed use of the end-user question-based login feature, depending on whether the user account exists.

Recommendations For versions 7.0 through 8.0, consider restricting access to the end-user question-based login feature until a fix is available. As a temporary workaround, disabling the question-based login feature can help minimize the risk of username enumeration.