Sun JDK can expose passwords in EAServer

An issue stemming from a bug in the Sun JDK version 1.4.2 on UNIX and Linux platforms can expose passwords used in various scenarios.

EAServer Manager displays connection caches that contain passwords. Under normal circumstances, these passwords are hidden; however, due to a security issue in JDK 1.4.2, a user with guest permission to EAServer Manager can discover the password stored in a connection cache. This password can be used to gain unauthorized access to a protected database. EAServer 5.2 and 5.3, and products that embed them, are affected by this issue.

To address this problem, download and install the appropriate Sybase EBF files listed in Table 1.

Table 1: EBF numbers for EAServer and Active Messaging

Product     Version     Platform     EBF #
EAServer    5.2         Solaris      13238
EAServer    5.2         Linux        13507
EAServer    5.2         AIX          13508
EAServer    5.2         HP-UX        13509