Access Control Flaw in IBM Tivoli Federated Identity Manager Products
CVE-2013-5429

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 21 January 2014

Summary

A security flaw exists in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway in versions prior to FP9: the Risk Based Access functionality permits the reuse of One Time Password (OTP) tokens. A remote authenticated user who holds a previously used token can present it again and gain unauthorized access during transactions. The issue underscores the need for stricter token management so that access controls cannot be misused in this way.
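The difference between a reusable and a single-use OTP check, as an added example that is not IBM's code and not taken from the advisory. The `OtpStore` class, its method names, the binding of a token to a transaction id and the sample user and transaction values are assumptions made for illustration.

```python
import hmac
import secrets
import threading
import time


class OtpStore:
    """Constructed in-memory OTP store; names are illustrative, not IBM's API."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._issued = {}  # (user, transaction_id) -> (code, expires_at)

    def issue(self, user, transaction_id):
        code = f"{secrets.randbelow(10**6):06d}"
        with self._lock:
            self._issued[(user, transaction_id)] = (code, self._clock() + self._ttl)
        return code

    def _matches(self, record, code):
        # Unexpired record and constant-time comparison of the code.
        return (record is not None
                and self._clock() < record[1]
                and hmac.compare_digest(record[0].encode(), code.encode()))

    def verify_reusable(self, user, transaction_id, code):
        """Flawed pattern: validates the code but leaves it usable again."""
        with self._lock:
            return self._matches(self._issued.get((user, transaction_id)), code)

    def verify_once(self, user, transaction_id, code):
        """Hardened pattern: look up and invalidate in one locked step."""
        with self._lock:
            # pop() removes the record on every attempt, right or wrong, so
            # neither a replay nor a concurrent second request can reuse it.
            record = self._issued.pop((user, transaction_id), None)
            return self._matches(record, code)


def replay_results(verify_name):
    """Issue one OTP, present it twice, return both verification results."""
    store = OtpStore()
    code = store.issue("alice", "txn-1001")  # constructed sample values
    verify = getattr(store, verify_name)
    return verify("alice", "txn-1001", code), verify("alice", "txn-1001", code)
```

A production store would keep the issued records in shared storage with an atomic delete-and-return operation, so that the single-use guarantee holds across several server instances.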

Timeline

  • Vulnerability published

  • Vulnerability Reserved
