Information Disclosure in IBM Tivoli Federated Identity Manager
CVE-2012-3310

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
17 January 2013

Summary

IBM Tivoli Federated Identity Manager (TFIM) versions prior to 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 contain an information disclosure vulnerability that allows context-dependent attackers to obtain sensitive information. A logging configuration incorrectly retains sensitive data at verbose levels, which makes it possible to discover cleartext passwords such as LDAP bind passwords, keystore passwords, Basic Authentication passwords from clients, and user passwords. Organizations using these affected versions should consider upgrading or applying mitigation strategies to protect user credentials from unauthorized exposure.

Timeline

  • Vulnerability published

  • Vulnerability Reserved