CVE-2009-1076

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Manager
Vendor: CVE Published:; 25 March 2009

Summary

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 25, 2009