Published: 29/01/2009 Updated: 08/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun java system access manager 7_2005q4
sun java system access manager 7.1
sun java system access manager 6.3_2005q1

source: wwwsecurityfocuscom/bid/33489/info Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input Attackers may exploit this weakness to discern valid usernames This may aid them in brute-force password cracking or other attacks This i ...

CWE-200 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1 http://www.securityfocus.com/bid/33489 http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1 http://secunia.com/advisories/33688 http://www.vupen.com/english/advisories/2009/0269 https://exchange.xforce.ibmcloud.com/vulnerabilities/48283 https://nvd.nist.gov https://www.exploit-db.com/exploits/32762/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0348

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect