TLS Configuration Vulnerability in IBM Tivoli Directory Server

CVE-2012-0726

Summary

IBM Tivoli Directory Server versions 6.3 and earlier contain a vulnerability due to the default TLS configuration supporting NULL-MD5 and NULL-SHA ciphers. This allows attackers to exploit the TLS Handshake Protocol to initiate unencrypted communication. Such a misconfiguration poses significant risks, as sensitive data may be transmitted in clear text, open to interception by malicious actors. It is crucial for organizations using affected products to review their TLS settings and ensure strong encryption ciphers are employed to protect against data exposure.

References