IBM Tivoli Key Lifecycle Manager (TKLM) is a set of key lifecycle management software from IBM Corporation. The software provides key storage, key maintenance, and key lifecycle management for storage devices.A security vulnerability exists in IBM Tivoli Key Lifecycle Manager, which stems from the fact that IBM Tivoli Key Lifecycle Manager does not set security attributes on authorization tokens or session cookies. An attacker could exploit the vulnerability to obtain cookie values by sending an http: link to the user or planting the link in the site the user visits.