2 matches found
Security Bulletin: Authd service in the IBM Verify Gateway PAM components allows cleartext transmission of sensitive information (CVE-2020-4397)
Summary The IBM Verify Gateway IVG Authd service listens on TCP port 12. When the service is enabled, it's possible to detect cleartext transmission of sensitive information in the data traffic to and from the port. As of v1.0.1 of IVG for AIX PAM, and v1.0.2 of IVG for Linux PAM, the Authd servi...
CVE-2020-4397
CVE-2020-4397 affects IBM Verify Gateway (IVG) PAM components (AIX PAM 1.0.0/1.0.1; Linux PAM 1.0.0/1.0.1) where the Authd service could expose sensitive data in cleartext over TCP, enabling eavesdropping/mitm. The IBM Security bulletin notes that as of IVG PAM v1.0.1 (AIX) and v1.0.2 (Linux), th...