CVE-2013-5461
Summary
| CVE | CVE-2013-5461 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-27 16:29:00 UTC |
| Updated | 2018-06-04 16:22:00 UTC |
| Description | IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Endpoint Manager For Remote Control | 9.0.0 | All | All | All |
| Application | Ibm | Endpoint Manager For Remote Control | 9.0.1 | All | All | All |
| Application | Ibm | Endpoint Manager For Remote Control | 9.0.0 | All | All | All |
| Application | Ibm | Endpoint Manager For Remote Control | 9.0.1 | All | All | All |
| Application | Ibm | Tivoli Remote Control | 5.1.2 | All | All | All |
| Application | Ibm | Tivoli Remote Control | 5.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | VDB Entry, Vendor Advisory |
| IBM Security Bulletin: Insecure Storage of Passwords in IBM Endpoint Manager for Remote Control (CVE-2013-5461 ) - IBM PSIRT Blog | CONFIRM | www.ibm.com | Vendor Advisory |
| IBM Security Bulletin: Insecure Storage of Passwords in Tivoli Remote Control (CVE-2013-5461 ) - IBM PSIRT Blog | CONFIRM | www.ibm.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.