MitreCVELIST:CVE-2009-1077

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-1077

2022-10-0316:23:57

mitre

www.cve.org

cve-2009-1077

change my password

admin interface

identity manager

remote users

password change

6.3 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator’s password.

References

blogs.sun.com/security/entry/sun_alert_253267_sun_java

secunia.com/advisories/34380

securitytracker.com/id?1021881

sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1

sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

www.securityfocus.com/bid/34191

www.vupen.com/english/advisories/2009/0797