Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:23:57
Updated: 2022-10-03T16:23:57
Reserved: 2022-10-03T00:00:00
Link: CVE-2009-1076
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-03-25T15:30:00.297
Modified: 2009-03-25T15:30:00.297
Link: CVE-2009-1076
JSON object: View
Redhat Information
No data.
CWE