2 matches found
CVE-2020-4283
CVE-2020-4283 affects IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.4. The IBM bulletin confirms a hard-coded credential issue: the JWT secret is stored in plain text in a YAML file (as of v1.0.5, an encrypted JWT secret is generated during configuration). The vulnerability enables aut...
Security Bulletin: IBM Security Information Queue contains hard-coded credentials (CVE-2020-4283)
Summary IBM Security Information Queue ISIQ stores the JSON web token JWT secret in plain text in one of its YAML files. As of v1.0.5, ISIQ generates an encrypted JWT secret during product configuration. Vulnerability Details CVEID: CVE-2020-4283 DESCRIPTION: IBM Security Information Queue ISIQ...