Unrated severityNVD Advisory· Published Mar 25, 2009· Updated Jun 16, 2026
CVE-2009-1075
CVE-2009-1075
Description
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Affected products
5cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*
- (no CPE)range: >=7.0, <=8.0
Patches
Vulnerability mechanics
References
7- blogs.sun.com/security/entry/sun_alert_253267_sun_javanvdPatchVendor Advisory
- sunsolve.sun.com/search/document.donvdPatch
- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.securityfocus.com/bid/34191nvdExploitPatch
- secunia.com/advisories/34380nvdVendor Advisory
- www.vupen.com/english/advisories/2009/0797nvdVendor Advisory
- securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.