Authentication Flaw in IBM License Metric Tool
CVE-2014-4776

Currently unrated

Key Information:

Vendor: IBM
Status: License Metric Tool
Vendor: CVE Published:; 20 May 2015

Summary

The IBM License Metric Tool versions prior to 9.1.0.2 expose authentication fields lacking the 'autocomplete' attribute, allowing remote attackers to potentially gain unauthorized access by exploiting unattended workstations. This oversight can lead to unauthorized users easily bypassing expected authentication methods, highlighting the need for secure authentication practices in software design.

References

http://www.securityfocus.com/bid/74437

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg21713641

x_refsource_CONFIRM

http://www.securitytracker.com/id/1032256

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 20, 2015
Vulnerability Reserved
Jul 9, 2014