CVE-2009-1076
published 2009-03-25CVE-2009-1076: Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the…
medium5CVSS 3.1
AVNACLAuNCPINAN
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | java_system_identity_manager | — | — |
| sun | java_system_identity_manager | — | — |
| sun | java_system_identity_manager | — | — |
| sun | java_system_identity_manager | — | — |