Sun Java System Identity Manager (IdM) 7.0 up to and including 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java system identity manager 7.0 |
||
sun java system identity manager 7.1 |
||
sun java system identity manager 7.1.1 |
||
sun java system identity manager 8.0 |