« Sun Alert 102993... | Main | Sun Alert 102856... »
10 Jul 2007 Sun Alert 101918 Security Vulnerability in the Logging Output of Sun Java System Access Manager
posted by security in Alerts
Product: Sun Java System Access Manager 2004Q2, Sun Java System Access Manager 6 2005Q1, Sun Java System Identity Server 6.1

When the debug level within Sun Java System Access Manager (formerly Sun Java System Identity Server) is set to "message," login passwords may be logged in plain text and are therefore readable by local unprivileged users. This would allow that user to gain unauthorized access to user identities which are managed by Sun Java System Access Manager.

Avoidance: Patch, Workaround
State: Workaround
First released: 10-Jul-2007
Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101918-1
Permalink | Comments [0]
Trackback URL: http://blogs.sun.com/security/entry/sun_alert_101918_security_vulnerability
Comments:

Post a Comment:

Name:
E-Mail:
URL:

Your Comment:

HTML Syntax: NOT allowed

« Sun Alert 102993... | Main | Sun Alert 102856... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.