Bugtraq mailing list archives
POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration
From: Marco Mella <marco.mella () aboutsecurity net>
Date: Tue, 7 Apr 2009 14:51:00 +0200
============================================================
Sun Java System Acccess Manager & Identity Manager Users Enumeration
============================================================
Affected Software: Sun Java System Access Server, OpenSSo
Sun Java System Identity Manager
Author: Marco Mella - marco[ dot ]mella[at]aboutsecurity[dot]net
More information, Advisory and POC URL: http://www.aboutsecurity.net
Sun Java System Identity Manager Security Vulnerabilities
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.1.1
Sun Java System Identity Manager 8.0
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
Sun Java System Identity Manager
Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1
[Summary]
A Security Vulnerability in Sun Java System Access Manager and Identity
Manager allow a Remote Unprivileged User to Determine the existence of
"guessed" UserID facilitating brute-force attacks.
[Proof of Concept]
Simple POC for users enumeration on Access Manager and Identity Manager
available on http://www.aboutsecurity.net
Current thread:
- POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration Marco Mella (Apr 07)