PT-2009-5214 · Sun · Sun Virtual Desktop Infrastructure

Published: 2009-08-18 · Updated: 2009-08-21 · CVE-2009-2856

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Sun Virtual Desktop Infrastructure (VDI) version 3.0

Description

The issue occurs when anonymous binding is enabled and the software fails to properly handle a client's attempt to establish an authenticated and encrypted connection. This might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.

Recommendations

For Sun Virtual Desktop Infrastructure (VDI) version 3.0, consider disabling anonymous binding to prevent remote attackers from reading cleartext VDI configuration-data requests. As a temporary workaround, restrict access to the LDAP sessions on the network to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2009-2856

Affected Products

Sun Virtual Desktop Infrastructure