Authentication Bypass in IBM solidDB Affected by Client-Specified Password Hash Length
CVE-2011-1560

Currently unrated

Key Information:

Vendor: IBM
Status: Soliddb
Vendor: CVE Published:; 5 April 2011

Summary

IBM solidDB is vulnerable to an authentication bypass due to an issue in solid.exe, which allows attackers to exploit the system by specifying a short password-hash length value. This flaw permits unauthorized access, compromising the integrity and security of the database system. Affected versions include solidDB prior to version 4.5.181, 6.0.x versions before 6.0.1067, and others in multiple branches such as 6.1.x, 6.3.x, and 6.5.x before specified updates. Users are urged to apply the necessary updates to mitigate this risk.

References

http://www.ibm.com/support/docview.wss?uid=swg21474552

x_refsource_CONFIRM

http://osvdb.org/71494

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/44030

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 5, 2011
Vulnerability Reserved
Apr 5, 2011