CVE-2006-6607

Name of the Vulnerable Software and Affected Versions WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) version 4.6

Description The issue allows local users to obtain the Java Key Store (JKS) password by listing the process or using other methods, as the password is placed in a -Djavax.net.ssl.trustStorePassword command line argument.

Recommendations For WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) version 4.6, consider removing the JKS password from the command line argument to prevent local users from obtaining it. As a temporary workaround, restrict access to the process listing and command line arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.