Local Password Exposure in Sun Java System Access Manager and OpenSSO Enterprise
CVE-2009-2712

Currently unrated

Key Information:

Vendor
Oracle
Status
Java System Access Manager
Vendor
CVE Published:
7 August 2009

Summary

The Sun Java System Access Manager and OpenSSO Enterprise products, when configured to enable the debug flag in AMConfig.properties, pose a risk by allowing local users to extract sensitive cleartext passwords stored within debug files. This vulnerability exposes critical authentication information, which can lead to further compromises within the affected systems.

References

http://osvdb.org/56815
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/35963
vdb-entryx_refsource_BID
http://secunia.com/advisories/36169
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.