PT-2009-3011 · Sun · Sun Java System Access Manager

Published

2009-01-29

Updated

2017-08-08

CVE-2009-0348

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sun Java System Access Manager versions 6.3 through 7.1

Description The issue concerns the login module's behavior in responding differently to failed login attempts based on whether the user account exists. This allows remote attackers to enumerate valid usernames.

Recommendations For Sun Java System Access Manager versions 6.3 through 7.1, consider restricting access to the login module to minimize the risk of exploitation. As a temporary workaround, limit the number of failed login attempts to prevent username enumeration.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-0348

Affected Products

Sun Java System Access Manager

PT-2009-3011 · Sun · Sun Java System Access Manager

CVE-2009-0348

Weakness Enumeration

Related Identifiers

Affected Products

References · 8