PT-2018-13532 · Ibm · Ibm Api Connect
Publicado
2018-07-31
·
Atualizado
2019-10-09
·
CVE-2018-1638
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
IBM API Connect versions 5.0.0.0 through 5.0.8.3
Description
The issue concerns the enforcement of Two Factor Authentication (TFA) during password reset. Normally, TFA is required for login scenarios, but it is not enforced when resetting a user's password.
Recommendations
For versions 5.0.0.0 through 5.0.8.3, consider implementing additional authentication measures to enforce TFA during password reset until a fix is available.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Api Connect