POC - Sun Java System Access Manager & Identity Manager Users Enumeration






===========================================================
Sun Java System Access Manager & Identity Manager Users Enumeration
===========================================================
 Affected Software: Sun Java System Access Server, OpenSSO
                               Sun Java System Identity Manager

 Author: Marco Mella - marco[ dot ]mella[at]aboutsecurity[dot]net
More information, Advisory and POC URL: http://www.aboutsecurity.net 

Sun Java System Identity Manager Security Vulnerabilities
    Sun Java System Identity Manager 7.0
    Sun Java System Identity Manager 7.1
    Sun Java System Identity Manager 7.1.1
    Sun Java System Identity Manager 8.0
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 

Sun Java System Identity Manager
    Sun Java System Access Manager 6 2005Q1 (6.3)
    Sun Java System Access Manager 7 2005Q4 (7.0)
    Sun Java System Access Manager 7.1
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1 

 [Summary]

 A security vulnerability in Sun Java System Access Manager and Identity
Manager allows a remote unprivileged user to determine the existence of
"guessed" UserIDs, facilitating brute-force attacks.


[Proof of Concept]
A simple POC for user enumeration on Access Manager and Identity Manager
is available at http://www.aboutsecurity.net
