3 matches found
Security Bulletin: IBM Verify Gateway does not prevent excessive authentication attempts (CVE-2020-4400)
Summary The IBM Verify Gateway IVG components do not prevent rapid, excessive attempts to authenticate with a time-based one-time password TOTP. Consequently, an attacker could brute force account credentials. As of v1.0.1 of IVG for RADIUS and IVG for AIX PAM, and v1.0.2 of IVG for Linux PAM and...
CVE-2020-4400
IBM Verify Gateway IVG 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478...
CVE-2020-4400
CVE-2020-4400 concerns IBM Verify Gateway (IVG) where the account lockout settings were inadequate, enabling a remote attacker to brute‑force credentials. Affected IVG components include RADIUS 1.0.0, PAM 1.0.0/1.0.1, and WinLogin 1.0.0/1.0.1. The root cause is insufficient throttling of authenti...