5.2.0.4

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-255

NVD

Published: 2011-04-21

Updated: 2011-04-21

Summary

The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Tivoli Directory Server 5.2.0 IBM Tivoli Directory Server 5.2.0.4	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.ibm.com/support/docview.wss?uid=swg1IO11882
http://www.ibm.com/support/docview.wss?uid=swg24029663