CVE-2014-0869 - Cryptographic Issues vulnerability in IBM Algo Credit Limits and Algorithmics

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, ibm, CWE-310, exploit available

Summary

The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.

Vulnerable Configurations

Part: Application
Description: Ibm
Count: 3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

description: IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities. CVE-2014-0864, CVE-2014-0865, CVE-2014-0866, CVE-2014-0867, CVE-2014-0868, CVE-2014-0869, CVE-2014...
id: EDB-ID:33942
last seen: 2016-02-03
modified: 2014-07-01
published: 2014-07-01
reporter: SEC Consult
source: https://www.exploit-db.com/download/33942/
title: IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities

Packetstorm

data source: https://packetstormsecurity.com/files/download/127304/SA-20140630-0.txt
id: PACKETSTORM:127304
last seen: 2016-12-05
published: 2014-06-30
reporter: F. Lukavsky
source: https://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
title: IBM Algorithmics RICOS Disclosure / XSS / CSRF

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:87112
last seen: 2017-11-19
modified: 2014-07-02
published: 2014-07-02
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-87112
title: IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities