2 matches found
CVE-2018-1638
The vulnerability CVE-2018-1638 affects IBM API Connect (Developer Portal) versions 5.0.0.0–5.0.8.3, where two-factor authentication (TFA) is not enforced when resetting a user password, while it is enforced for other login scenarios. This bypass could allow an attacker to gain full access if the...
Security Bulletin: API Connect is affected by a weak two factor authentication vulnerability
Summary IBM API Connect has addressed the following vulnerability. API Connect user are affected by a TwoFactor 2FA/TFA bypass while resetting password. Using API Connect version 5.0.8.3 and with Two Factor Authentication enabled on the Developer Portal it is possible to bypass TFA and get full...