PT-2023-29448 · IBM · IBM i Access Client Solutions

Maksymilian Kubiak +1 · Published 2023-12-14 · Updated 2023-12-18 · CVE-2023-45182

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

IBM i Access Client Solutions versions 1.1.2 through 1.1.4
IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3

Description

The issue allows a local attacker to obtain the password to other systems by decoding the key for an encrypted password. This can be achieved if the attacker gains access to the encrypted password.

Recommendations

For versions 1.1.2 through 1.1.4, consider updating to a version outside of this range to mitigate the risk. For versions 1.1.4.3 through 1.1.9.3, consider updating to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the encrypted password storage to minimize the risk of exploitation.

Fix

Insecure Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-45182

Affected Products

IBM i Access Client Solutions