CVE-2011-1560 - Credentials Management vulnerability in IBM solidDB
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.
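The weakness class named in the summary, a hash comparison whose length comes from the client, is shown below as an added example beside a hardened check. It is not solidDB code: the `login_msg` layout, the 20-byte `HASH_LEN`, the function names and the test data are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 20                 /* assumed digest size, not solidDB's */

struct login_msg {                  /* hypothetical wire message */
    uint32_t hash_len;              /* length field chosen by the client */
    uint8_t  hash[HASH_LEN];
};

/* Flawed: the number of bytes compared comes from the client. */
static int check_flawed(const struct login_msg *m, const uint8_t *stored)
{
    size_t n = m->hash_len > HASH_LEN ? HASH_LEN : m->hash_len;
    return memcmp(m->hash, stored, n) == 0;   /* n == 0 compares nothing */
}

/* Hardened: the server fixes the length and compares the whole digest
   without an early exit. */
static int check_hardened(const struct login_msg *m, const uint8_t *stored)
{
    uint8_t diff = 0;
    if (m->hash_len != HASH_LEN)
        return 0;
    for (size_t i = 0; i < HASH_LEN; i++)
        diff |= (uint8_t)(m->hash[i] ^ stored[i]);
    return diff == 0;
}

/* Constructed test data: the stored hash is 20 bytes of 0xA5; the message
   carries HASH_LEN bytes of `fill` and claims `claimed_len`. */
int try_login(uint32_t claimed_len, uint8_t fill, int hardened)
{
    uint8_t stored[HASH_LEN];
    struct login_msg m;
    memset(stored, 0xA5, sizeof stored);
    memset(m.hash, fill, sizeof m.hash);
    m.hash_len = claimed_len;
    return hardened ? check_hardened(&m, stored) : check_flawed(&m, stored);
}

int main(void)
{
    printf("wrong hash, len 0 : flawed=%d hardened=%d\n", try_login(0, 0x00, 0), try_login(0, 0x00, 1));
    printf("wrong hash, len 20: flawed=%d hardened=%d\n", try_login(20, 0x00, 0), try_login(20, 0x00, 1));
    printf("right hash, len 20: flawed=%d hardened=%d\n", try_login(20, 0xA5, 0), try_login(20, 0xA5, 1));
    return 0;
}
```

The hardened check treats the length as a server-side constant and rejects any message whose length field differs, so the client's value never decides how much of the hash is verified.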
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Databases |
NASL id | SOLIDDB_PASSWD_HASH_LENGTH_CODE_EXEC.NASL |
description | According to its build date, the version of IBM solidDB installed on the remote host is affected by an authentication bypass vulnerability because the application allows a remote attacker to specify the length of a password hash. A remote attacker, exploiting this flaw, could bypass authentication to the database. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 53332 |
published | 2011-04-08 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/53332 |
title | IBM solidDB Password Hash Length Authentication Bypass |