Password Disclosure Vulnerability in IBM Sametime Classic Meeting Server
CVE-2014-4747

Currently unrated

Key Information:

Vendor: IBM
Status: Sametime
Vendor: CVE Published:; 26 July 2014

Summary

The Classic Meeting Server in IBM Sametime versions 8.x through 8.5.2.1 is susceptible to a vulnerability that enables attackers physically nearby to extract meeting password hashes. This often occurs when an attacker gains access to an unattended workstation where the victim's browser is open, allowing them to view the HTML source code. The exposure of sensitive information can lead to unauthorized access, making it crucial for users to secure their workstations and be aware of this potential risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21679221

x_refsource_CONFIRM

http://packetstormsecurity.com/files/127830/IBM-Sametime-...

x_refsource_MISC

http://linux.oracle.com/errata/ELSA-2014-0747.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 26, 2014
Vulnerability Reserved
Jul 9, 2014