Cleartext Password Storage Vulnerability in IBM BladeCenter and System x Servers
CVE-2013-4038

Currently unrated

Key Information:

Vendor: IBM
Status: System X3500 M3; Flex System X440 Compute Node; System X3250 M4; System X3550 M3
Vendor: CVE Published:; 9 August 2013

What is CVE-2013-4038?

The Intelligent Platform Management Interface (IPMI) implementation in the Integrated Management Module (IMM) of various IBM server models exposes sensitive data due to storing passwords in cleartext. This design flaw allows authorized users to access sensitive information by simply reading a file, making it possible for context-dependent attackers to exploit this weakness and potentially compromise system integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86174

vdb-entryx_refsource_XF

http://www.ibm.com/support/entry/portal/docdisplay?lndoci...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2013
Vulnerability Reserved
Jun 7, 2013