PT-2013-1593 · IBM · IBM Tivoli Federated Identity Manager
Published 2013-01-17 · Updated 2017-08-29 · CVE-2012-3310
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Federated Identity Manager (TFIM) versions prior to 6.1.1.14
IBM Tivoli Federated Identity Manager (TFIM) versions 6.2.0 through 6.2.0.11
IBM Tivoli Federated Identity Manager (TFIM) versions 6.2.1 through 6.2.1.3
Description
The issue allows context-dependent attackers to discover sensitive information, including cleartext passwords, when logging is configured with a log trace setting of all. The information exposed can include a cleartext LDAP Bind Password, keystore passwords, a cleartext Basic Authentication password from a client, or a cleartext user password.
Recommendations
For versions prior to 6.1.1.14, update to version 6.1.1.14 or later.
For versions 6.2.0 through 6.2.0.11, update to version 6.2.0.12 or later.
For versions 6.2.1 through 6.2.1.3, update to version 6.2.1.4 or later.
Affected Products
IBM Tivoli Federated Identity Manager