Memory corruption

2018-04-2716:29:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.5%

JSON

IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.

CPENameOperatorVersion
endpoint_manager_for_remote_controleq9.0.1
endpoint_manager_for_remote_controleq9.0.0
tivoli_remote_controleq5.1.2

Name	Operator	Version
endpoint_manager_for_remote_control	eq	9.0.1
endpoint_manager_for_remote_control	eq	9.0.0
tivoli_remote_control	eq	5.1.2

References

exchange.xforce.ibmcloud.com/vulnerabilities/88309

www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/

www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/