Unrated severityNVD Advisory· Published Mar 25, 2009· Updated Jun 16, 2026
CVE-2009-1077
CVE-2009-1077
Description
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
Affected products
5cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*
- (no CPE)range: >=7.0, <=8.0
Patches
Vulnerability mechanics
References
10- blogs.sun.com/security/entry/sun_alert_253267_sun_javanvdPatchVendor Advisory
- sunsolve.sun.com/search/document.donvdPatch
- sunsolve.sun.com/search/document.donvdPatch
- sunsolve.sun.com/search/document.donvdPatch
- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- www.securityfocus.com/bid/34191nvdExploitPatch
- secunia.com/advisories/34380nvdVendor Advisory
- www.vupen.com/english/advisories/2009/0797nvdVendor Advisory
- securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.