BugTraq
POC - Sun Java System Acccess Manager & Identity Manager Users Enumeration Apr 07 2009 12:51PM
Marco Mella (marco mella aboutsecurity net)
============================================================
Sun Java System Acccess Manager & Identity Manager Users Enumeration
============================================================

Affected Software: Sun Java System Access Server, OpenSSo
Sun Java System Identity Manager

Author: Marco Mella - marco[ dot ]mella[at]aboutsecurity[dot]net
More information, Advisory and POC URL: http://www.aboutsecurity.net

Sun Java System Identity Manager Security Vulnerabilities
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.1.1
Sun Java System Identity Manager 8.0
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

Sun Java System Identity Manager
Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1

[Summary]

A Security Vulnerability in Sun Java System Access Manager and Identity
Manager allow a Remote Unprivileged User to Determine the existence of
"guessed" UserID facilitating brute-force attacks.

[Proof of Concept]
Simple POC for users enumeration on Access Manager and Identity Manager
available on http://www.aboutsecurity.net

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus