IBM Tivoli Identity Manager Local Information Disclosure Vulnerability
BID:21570
Info
IBM Tivoli Identity Manager Local Information Disclosure Vulnerability
| Bugtraq ID: | 21570 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 13 2006 12:00AM |
| Updated: | Dec 13 2006 07:43PM |
| Credit: | Reported by IBM. |
| Vulnerable: |
IBM Tivoli Identity Manager 4.6 |
| Not Vulnerable: | |
Discussion
IBM Tivoli Identity Manager Local Information Disclosure Vulnerability
IBM Tivoli Identity Manager is prone to a local information disclosure vulnerability that arises because of a design error.
A successful attack can allow a local attacker to gain access to the Java Key Store, thus potentially allowing them to access other certificates and passwords.
IBM Tivoli Identity Manager 4.6 is reported vulnerable to this issue; other versions could be affected as well.
IBM Tivoli Identity Manager is prone to a local information disclosure vulnerability that arises because of a design error.
A successful attack can allow a local attacker to gain access to the Java Key Store, thus potentially allowing them to access other certificates and passwords.
IBM Tivoli Identity Manager 4.6 is reported vulnerable to this issue; other versions could be affected as well.
Exploit / POC
IBM Tivoli Identity Manager Local Information Disclosure Vulnerability
An attacker can use command-line utilities to exploit this issue.
An attacker can use command-line utilities to exploit this issue.
Solution / Fix
IBM Tivoli Identity Manager Local Information Disclosure Vulnerability
Solution:
IBM has released an advisory including a workaround to address this issue.
Solution:
IBM has released an advisory including a workaround to address this issue.
References
IBM Tivoli Identity Manager Local Information Disclosure Vulnerability
References:
References: