AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2008-5423: Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a conf

infovulnerability

security

Source: NVD/CVE DatabaseDecember 11, 2008CVE-2008-5423

Summary

Sun Ray Server Software versions 3.x and 4.0, along with Sun Ray Windows Connector versions 1.1 and 2.0, have a vulnerability where the LDAP password (a credential used to access directory services) is exposed during configuration. This allows local users (people with access to the system) to discover the Sun Ray administration password and gain unauthorized access to the Data Store and Administration GUI (graphical user interface, the visual control panel).

Solution / Mitigation

Patches are available from Sun at the following locations: http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1, http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1, and http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1.

Vulnerability Details

CVSS Score

4.3

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-200

CAPEC (Attack Pattern)

CAPEC-116

Original source: https://nvd.nist.gov/vuln/detail/CVE-2008-5423

First tracked: February 15, 2026 at 08:46 PM

Classified by LLM (prompt v3) · confidence: 95%