PT-2009-3654 · Sun · Sun Java System Identity Manager

Published

2009-03-25

Updated

2009-10-06

CVE-2009-1075

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Sun Java System Identity Manager (IdM) versions 7.0 through 8.0

Description The issue allows remote attackers to enumerate valid usernames by exploiting the different responses to failed use of the Forgot Password feature, depending on whether the user account exists.

Recommendations For versions 7.0 through 8.0, consider restricting access to the Forgot Password feature as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2009-1075

Affected Products

Sun Java System Identity Manager

PT-2009-3654 · Sun · Sun Java System Identity Manager

CVE-2009-1075

Weakness Enumeration

Related Identifiers

Affected Products

References · 8