68 matches found
CVE-2020-4372
Summary: CVE-2020-4372 affects IBM Verify Gateway (IVG) components and enables exposure of client secrets when debug tracing is enabled, resulting in plaintext credentials readable by a local attacker. Affected products/versions (per IBM): IVG RADIUS 1.0.0; IVG PAM 1.0.0, 1.0.1; IVG Windows Login...
CVE-2020-4385
IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266...
CVE-2020-4372
IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 179009...
CVE-2020-4385
CVE-2020-4385 affects IBM Verify Gateway (IVG) versions 1.0.0 and 1.0.1, where a hard-coded credential (password/cryptographic key) is used for inbound authentication, outbound communication to external components, or internal data encryption. The IBM advisories (Security Bulletin and X-Force ent...
CVE-2020-4371
IBM Verify Gateway (IVG) PAM components have a leftover debug header/file in installation packages that exposes sensitive information. Affected products/versions: IVG PAM 1.0.0 and 1.0.1. Root cause: leftover debugging code/file not meant for delivery in PAM components. Impact: could be used by a...
CVE-2020-4371
IBM Verify Gateway IVG 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used aid a local user in further attacks against the system. IBM X-Force ID: 179008...
CVE-2020-4369
CVE-2020-4369 affects IBM Verify Gateway (IVG) 1.0.0 and 1.0.1, where the client-secret stored in cleartext in PAM configurations could be exposed. The IBM Security bulletin notes that IVG PAM components can encrypt the client-secret in /etc/pam_ibm_auth.json, but encryption is not enabled by def...
CVE-2020-4369
IBM Verify Gateway IVG 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004...