VYPR
Unrated severityNVD Advisory· Published Mar 25, 2009· Updated Jun 16, 2026

CVE-2009-1075

CVE-2009-1075

Description

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Affected products

5
  • cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*
    • (no CPE)range: >=7.0, <=8.0

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.