Adobe LiveCycle May Let OBSOLETE Users Continue to Access the System
|
|
SecurityTracker Alert ID: 1015906
|
|
SecurityTracker URL: http://securitytracker.com/id?1015906
|
|
CVE Reference: CVE-2006-1628
|
Date: Apr 13 2006
|
Impact: Disclosure of system information, Disclosure of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Adobe Advisory
|
Version(s): Adobe LiveCycle Workflow 7.01 and Adobe LiveCycle Form Manager 7.01
|
Description: A vulnerability was reported in Adobe LiveCycle. A LiveCycle user who has been marked OBSOLETE can continue to access information within LiveCycle.
The LiveCycle user authorization management function contains a flaw. If a user is active within the authentication system (e.g., LDAP, Active Directory, eDirectory) but is marked as OBSOLETE in the LiveCycle User Manager tables, the user may be able to continue to access LiveCycle resources.
|
Impact: A remote authenticated LiveCycle user who has been marked OBSOLETE can continue to access information within LiveCycle.
|
Solution: The vendor has issued a fix.
For LiveCycle Workflow:
http://www.adobe.com/support/products/enterprise/support_knowledge_center_workflow.html
For LiveCycle Form Manager:
http://www.adobe.com/support/products/enterprise/support_knowledge_center_lc_form_manager.html
The vendor's advisory is available at:
http://www.adobe.com/support/techdocs/333036.html
|
Vendor URL: www.adobe.com/support/techdocs/333036.html
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 12 Apr 2006 23:10:08 -0400
Subject: LiveCycle information disclosure to OBSOLETE users
|
http://www.adobe.com/support/techdocs/333036.html
CVE-2006-1628
|
|