3 matches found
CVE-2009-1076
Sun Java System Identity Manager IdM 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1076
Sun Java System Identity Manager IdM 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1076
CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The end-user login flow based on a question, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...