Sensitive Information Exposure in IBM Tivoli Federated Identity Manager
CVE-2009-5084

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Federated Identity Manager
Vendor: CVE Published:; 12 August 2011

Summary

IBM Tivoli Federated Identity Manager version 6.2.0 prior to 6.2.0.2 may expose sensitive information through cleartext log entries. When the tracing functionality of the InfoCardSTSDelegate is enabled, it can result in a vulnerability where passwords are logged in plaintext. This misconfiguration allows local users to read the log data and potentially access sensitive credentials, compromising the security of the system.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44560

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=swg24029497

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 12, 2011