PT-2009-3656 · Sun · Sun Java System Identity Manager

Published: 2009-03-25 · Updated: 2009-10-06 · CVE-2009-1077

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Sun Java System Identity Manager versions 7.0 through 8.0

Description

The issue concerns the Change My Password feature in the admin interface, which fails to enforce the RequiresChallenge property setting. This allows remote authenticated users to change the passwords of other users without proper authorization, potentially leading to unauthorized access and changes to sensitive accounts.

Recommendations

For Sun Java System Identity Manager versions 7.0 through 8.0, ensure that the RequiresChallenge property is properly enforced to prevent unauthorized password changes. Consider temporarily restricting access to the Change My Password feature in the admin interface until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Related Identifiers

CVE-2009-1077

Affected Products

Sun Java System Identity Manager