ODBC Driver Vulnerability in IBM Security AppScan Source Affects SolidDB Database Connections
CVE-2012-2173
Currently unrated
Summary
The ODBC driver in IBM Security AppScan Source versions 7.x and 8.x prior to 8.6 exposes sensitive connection information. When it establishes a connection to a SolidDB database, the driver transmits the SHA-1 hash of the database connection password. A remote attacker who intercepts the hash over the network may be able to use it in further attacks to retrieve the original password and gain unauthorized access to the database.