Cleartext Password Storage Vulnerability in IBM Identity Management Solutions

CVE-2014-8923

Summary

The IBM Tivoli Identity Manager and IBM Security Identity Manager Active Directory adapters prior to specified versions contain a vulnerability that allows the storage of administrator passwords in cleartext within log files. This occurs under specific logging and tracing configurations, enabling local users to access sensitive information by reading the log files. Organizations using these products should evaluate their logging settings to mitigate potential exposure of administrator credentials and enhance their security posture.

References