[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration
- To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration
- From: Marco Mella <marco.mella@xxxxxxxxxxxxxxxxx>
- Date: Tue, 7 Apr 2009 14:51:00 +0200
============================================================
Sun Java System Acccess Manager & Identity Manager Users Enumeration
============================================================
Affected Software: Sun Java System Access Server, OpenSSo
Sun Java System Identity Manager
Author: Marco Mella - marco[ dot ]mella[at]aboutsecurity[dot]net
More information, Advisory and POC URL: http://www.aboutsecurity.net
Sun Java System Identity Manager Security Vulnerabilities
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.1.1
Sun Java System Identity Manager 8.0
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
Sun Java System Identity Manager
Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1
[Summary]
A Security Vulnerability in Sun Java System Access Manager and Identity
Manager allow a Remote Unprivileged User to Determine the existence of
"guessed" UserID facilitating brute-force attacks.
[Proof of Concept]
Simple POC for users enumeration on Access Manager and Identity Manager
available on http://www.aboutsecurity.net