CVE-2008-5423

Sun Ray Server 3.x-4.0 & Windows Connector 1.1-2.0 - LDAP Password Exposure

Title source: llm
STIX 2.1

Description

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

References (11)

Core 11
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33119
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32772
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33108
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47258
Patch vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021379
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3406
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3407

Scores

EPSS 0.0008
EPSS Percentile 22.9%

Details

CWE
CWE-200
Status published
Products (6)
sun/ray_server_software 3.0 (2 CPE variants)
sun/ray_server_software 3.1 (3 CPE variants)
sun/ray_server_software 4.0 (3 CPE variants)
sun/ray_server_software 3.1.1
sun/ray_windows_connector 1.1 (3 CPE variants)
sun/ray_windows_connector 2.0 (3 CPE variants)
Published Dec 11, 2008
Tracked Since Feb 18, 2026