CVE-2009-1075

N/A Unknown

Published: March 25, 2009 Modified: April 23, 2026

Description

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/34380

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1021881

Source: cve@mitre.org

http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

Source: cve@mitre.org

Patch

http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

Source: cve@mitre.org

Patch Vendor Advisory

http://www.securityfocus.com/bid/34191

Source: cve@mitre.org

Exploit Patch

http://www.vupen.com/english/advisories/2009/0797

Source: cve@mitre.org

Vendor Advisory

http://blogs.sun.com/security/entry/sun_alert_253267_sun_java