Session Management Flaw in Sun Ray Server Software on Solaris 10
CVE-2009-4314

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 14 December 2009

Summary

Sun Ray Server Software 4.1, when configured with Automatic Multi-Group Hotdesking (AMGH), has a session management flaw: upon a logout action, the system immediately logs the user back in. This can grant access to an unauthorized person who is physically close to the DTU device. The behavior raises the risk of unauthorized access, so users need to stay vigilant about device security and session management.
