Authentication Vulnerability in IBM Tivoli Directory Server Web Administration Tool
CVE-2011-2759

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Directory Server
Vendor: CVE Published:; 17 July 2011

Summary

The IBM Tivoli Directory Server's Web Administration Tool (IDSWebApp) contains a vulnerability due to the absence of the 'autocomplete' attribute in authentication fields on its login page. This oversight allows attackers to potentially gather credentials from unattended workstations, leading to unauthorized access. Securing these authentication processes is crucial to mitigating the risk of exploitation.

References

http://www.ibm.com/support/docview.wss?uid=swg1IO14165

vendor-advisoryx_refsource_AIXAPAR

http://www.ibm.com/support/docview.wss?uid=swg24030320

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/68585

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jul 17, 2011
Vulnerability Reserved
Jul 17, 2011