Executive Summary

Summary
Title Sun Alert 101918 Security Vulnerability in the Logging Output of Sun Java System Access Manager
Informations
Name SUN-101918 First vendor Publication 2007-07-10
Vendor Sun Last vendor Modification 2007-07-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Cvss Base Score 1.7 Attack Range Local
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 3.1 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Java System Access Manager 2004Q2, Sun Java System Access Manager 6 2005Q1, Sun Java System Identity Server 6.1

When the debug level within Sun Java System Access Manager (formerly Sun Java System Identity Server) is set to "message," login passwords may be logged in plain text and are therefore readable by local unprivileged users. This would allow that user to gain unauthorized access to user identities which are managed by Sun Java System Access Manager.

Avoidance: Patch, Workaround
State: Workaround
First released: 10-Jul-2007

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_101918_security_vulnerability

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
37249 Sun Java System Access Manager /var/opt/SUNWam/debug/amAuth Cleartext Passwor...

Nessus® Vulnerability Scanner

Date Description
2006-11-06 Name : The remote host is missing Sun Security Patch number 119465-17
File : solaris10_119465.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119465-17
File : solaris10_x86_119465.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119465-17
File : solaris8_119465.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119465-17
File : solaris8_x86_119465.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119465-17
File : solaris9_119465.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119465-17
File : solaris9_x86_119465.nasl - Type : ACT_GATHER_INFO