Cleartext Database Credential Transmission in IBM InfoSphere Guardium
CVE-2012-3312

Currently unrated

Key Information:

Vendor: IBM
Status: Infosphere Guardium
Vendor: CVE Published:; 29 August 2012

Summary

The datasource definition editor in IBM InfoSphere Guardium versions 8.2 and earlier, when configured with the save-password setting enabled, transmits sensitive database credentials in cleartext. This vulnerability allows remote attackers to gain access to confidential information by monitoring network traffic. Security best practices dictate that sensitive data such as database credentials should be encrypted during transmission to prevent unauthorized access and data breaches.

References

http://en.securitylab.ru/lab/PT-2012-15

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/77785

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg21609224

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 29, 2012
Vulnerability Reserved
Jun 7, 2012