IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
BID:23298
Info
IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
| Bugtraq ID: | 23298 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 04 2007 12:00AM |
| Updated: | Apr 05 2007 04:22PM |
| Credit: | Reported by IBM. |
| Vulnerable: |
IBM Tivoli Business Service Manager 4.1 |
| Not Vulnerable: | |
Discussion
IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
IBM Tivoli Business Service Manager is prone to a local password-disclosure vulnerability that arises because of a design error.
A successful attack can allow a local attacker to gain access to various unencrypted passwords, potentially allowing them to access the application in an unauthorized manner.
IBM Tivoli Business Service Manager 4.1 is reported vulnerable to this issue; other versions could be affected as well.
IBM Tivoli Business Service Manager is prone to a local password-disclosure vulnerability that arises because of a design error.
A successful attack can allow a local attacker to gain access to various unencrypted passwords, potentially allowing them to access the application in an unauthorized manner.
IBM Tivoli Business Service Manager 4.1 is reported vulnerable to this issue; other versions could be affected as well.
Exploit / POC
IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
An attacker can use readily available utilities to exploit this issue.
An attacker can use readily available utilities to exploit this issue.
Solution / Fix
IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
Solution:
IBM has released an advisory and a patch that address this issue. Please see the vendor reference for more information.
Solution:
IBM has released an advisory and a patch that address this issue. Please see the vendor reference for more information.
References
IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability
References:
References: