Sun OpenSSO / Java System Access Manager Login Module User Account Enumeration Weakness
Medium Nessus Plugin ID 35618
Synopsis
The remote web server contains a module that leaks information.

Description
The remote host is running Sun OpenSSO, or Sun Java System Access Manager as it was previously known, an enterprise-class product that provides web access management, federation, and web services security.
The version of the Login module included with Sun OpenSSO / Sun Java System Access Manager on the remote host allows an unauthenticated, remote attacker to enumerate users during the login phase using specially crafted requests.

Solution
Apply the appropriate patch referenced in the vendor advisory above.