Cleartext Password Exposure in IBM Rational Directory Server and Administrator
CVE-2014-3089

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Directory Server; Rational Directory Administrator
Vendor: CVE Published:; 22 August 2014

What is CVE-2014-3089?

The RDS Java Client library in IBM Rational Directory Server and Rational Directory Administrator contains a security vulnerability that allows local users to access the root password in cleartext format. Specifically, this issue affects versions prior to specific iFix releases for both RDS and RDA. This can lead to unauthorized access and compromise the integrity of the system, making it crucial for administrators to apply available patches to mitigate potential risks.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21681554

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/94255

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/69300

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2014
Vulnerability Reserved
Apr 29, 2014