Vulnerabilities

CVE-2009-0348

by Fred · 29/01/2009

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Date published : 2009-01-29

http://www.securityfocus.com/bid/33489

http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1

Related

Tags: Cybersecurity Alert