Vulnerability Name: CVE-2013-5429 (CCN-87561)
Assigned: 2013-08-22
Published: 2014-01-13
Updated: 2017-08-29
Summary: The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.
CVSS v3 Severity:
  2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  2.1 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N)
  1.6 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
  1.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-287
Vulnerability Consequences: Bypass Security
References:
  Source: MITRE Type: CNA CVE-2013-5429
  Source: CCN Type: SA56411 IBM Tivoli Federated Identity Manager / Business Gateway Token Reuse Security Issue
  Source: AIXAPAR Type: UNKNOWN IV52624
  Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21660509
  Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21660510
  Source: CCN Type: OSVDB ID: 101699 IBM Tivoli Federated Identity Multiple Product OTP Token Reuse Weakness
  Source: CCN Type: BID-64999 IBM Tivoli Federated Identity Manager Business Gateway Security Bypass Vulnerability
  Source: XF Type: UNKNOWN ibm-tivoli-cve20135429-sec-bypass(87561)
  Source: CCN Type: IBM Security Bulletin 1660510 IBM Tivoli Federated Identity Manager Business Gateway One Time Password Enforcement (CVE-2013-5429)
Vulnerable Configuration:
  Configuration 1:
  Configuration CCN 1:
  Denotes that component is vulnerable