Password Field Vulnerability in IBM InfoSphere Information Server and Business Glossary
CVE-2012-4832

Currently unrated

Key Information:

Vendor: IBM
Status: Infosphere Information Server; Infosphere Business Glossary
Vendor: CVE Published:; 31 January 2013

Summary

The Information Services Framework (ISF) in certain versions of IBM InfoSphere Information Server and InfoSphere Business Glossary contains a flaw where the password field on the login page lacks the 'autocomplete' attribute set to 'off'. This oversight can allow attackers to retrieve user passwords from unattended workstations, posing a significant security risk to sensitive information and access control.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21623501

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/78906

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 31, 2013
Vulnerability Reserved
Sep 6, 2012