PT-2009-5096 · Sun · Opensso Enterprise+1

Published 2009-08-07 · Updated 2009-08-15 · CVE-2009-2712

CVSS v2.0: 2.1 Low

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Sun Java System Access Manager versions 6.3 2005Q1 through 7.1
OpenSSO Enterprise version 8.0

Description

The issue allows local users to discover cleartext passwords by reading debug files when the debug flag is enabled in AMConfig.properties.

Recommendations

For Sun Java System Access Manager versions 6.3 2005Q1 through 7.1, consider disabling the debug flag in AMConfig.properties to prevent cleartext passwords from being written to debug files.
For OpenSSO Enterprise version 8.0, consider disabling the debug flag in AMConfig.properties to prevent cleartext passwords from being written to debug files.

Related Identifiers

CVE-2009-2712

Affected Products

Opensso Enterprise
Sun Java System Access Manager