Local Password Exposure in Sun Java System Access Manager and OpenSSO Enterprise
CVE-2009-2712
Currently unrated
Summary
When the debug flag is enabled in AMConfig.properties, Sun Java System Access Manager and OpenSSO Enterprise allow local users to extract sensitive cleartext passwords stored in debug files. The exposed authentication information can lead to further compromise of the affected systems.
Timeline
Vulnerability published
Vulnerability Reserved