| Vulnerability Name: | CVE-2013-5461 (CCN-88309) | ||||||||||||
| Assigned: | 2013-08-22 | ||||||||||||
| Published: | 2014-04-30 | ||||||||||||
| Updated: | 2018-06-04 | ||||||||||||
| Summary: | IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-255 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-5461 Source: CCN Type: IBM Security Bulletin 1669035 Insecure Storage of Passwords in IBM Endpoint Manager for Remote Control (CVE-2013-5461 ) Source: CCN Type: BID-67208 Multiple IBM products CVE-2013-5461 Insecure Password Storage Information Disclosure Vulnerability Source: XF Type: UNKNOWN ibm-tivoli-cve20135461-info-disc(88309) Source: XF Type: VDB Entry, Vendor Advisory ibm-tivoli-cve20135461-info-disc(88309) Source: CONFIRM Type: Vendor Advisory https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/ Source: CONFIRM Type: Vendor Advisory https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/ | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||