Both the Sun Java System Access Manager and Identity Manager suffer from a user enumeration vulnerability. Identity Manager versions 7.0, 7.1, 7.1.1, and 8.0 are affected. Access Manager versions 6 2005Q1 (6.3), 7 2005Q4 (7.0), and 7.1 are affected.
7bfe0910609a493bb10b037157ebbf012af2872cf1f1865fe4f2e024c4a3928d