CVE-2013-5429

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Federated Identity Manager
Vendor: CVE Published:; 21 January 2014

Summary

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21660510

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21660509

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Jan 21, 2014
Vulnerability Reserved
Aug 22, 2013