Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/33119 | third party advisory |
| http://www.securityfocus.com/bid/32772 | vdb entry |
| http://secunia.com/advisories/33108 | third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47258 | vdb entry |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 | patch vendor advisory |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 | patch vendor advisory |
| http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm | |
| http://securitytracker.com/id?1021379 | vdb entry |
| http://www.vupen.com/english/advisories/2008/3406 | vdb entry |
| http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 | patch |
| http://www.vupen.com/english/advisories/2008/3407 | vdb entry |