Password Storage Vulnerability in IBM Endpoint Manager and Tivoli Remote Control
CVE-2013-5461

8.8HIGH

Key Information:

Vendor
IBM
Status
Endpoint Manager For Remote Control
Vendor
CVE Published:
27 April 2018

Summary

The vulnerability in IBM Endpoint Manager for Remote Control and Tivoli Remote Control arises from the insecure storage of multiple hashes of partial passwords. This design flaw enables remote attackers to exploit access to these hashes, facilitating the decryption of passwords and potentially compromising sensitive information. Organizations using these products need to implement stronger password storage mechanisms to mitigate the risk of unauthorized access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/88309
vdb-entryx_refsource_XF
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ins...
x_refsource_CONFIRM
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ins...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.