4 matches found
CVE-2009-1076
CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The end-user login flow based on a question, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...
CVE-2009-1075
CVE-2009-1075 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue arises from how the system handles failed Forgot Password requests, returning different responses when an account exists versus when it does not. This behavior enables remote attackers to enumerate valid usernames, ex...
CVE-2008-0241
CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...
CVE-2009-1074
CVE-2009-1074 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The issue is that SSL is not used in all expected circumstances, enabling remote attackers to potentially obtain sensitive information by sniffing network traffic. The description notes related factors such as lack of s...