NuytsTech Security

CVE-2009-1076

by ·

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Date published : 2009-03-25

http://www.securityfocus.com/bid/34191

http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

Tags: