Local Password Exposure in Sun Java System Access Manager and OpenSSO Enterprise
CVE-2009-2712

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Access Manager
Vendor: CVE Published:; 7 August 2009

Summary

The Sun Java System Access Manager and OpenSSO Enterprise products, when configured to enable the debug flag in AMConfig.properties, pose a risk by allowing local users to extract sensitive cleartext passwords stored within debug files. This vulnerability exposes critical authentication information, which can lead to further compromises within the affected systems.

References

http://osvdb.org/56815

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/35963

vdb-entryx_refsource_BID

http://secunia.com/advisories/36169

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Aug 7, 2009
Vulnerability Reserved
Aug 7, 2009