PT-2011-1334 · IBM · IBM Tivoli Federated Identity Manager
Published 2011-08-12 · Updated 2012-04-25 · CVE-2009-5085
CVSS v2.0: 2.6 (Low) · Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
IBM Tivoli Federated Identity Manager (TFIM) versions 6.2.0 through 6.2.0.1
Description
The issue allows user-assisted remote attackers to bypass intended trust restrictions. When the software is configured as an OpenID provider, it fails to delete the site information cookie after a user deletes a relying-party trust entry, so the stale cookie still marks that relying party as trusted. As a result, attackers can exploit this via vectors that trigger the absence of the consent-to-authenticate page.
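The consent-bypass pattern described above, modelled as an added Python example (not IBM's or TFIM's code; the user name, relying-party URL, trust store and cookie structures are constructed stand-ins): the vulnerable decision trusts the site-information cookie alone, while the hardened one re-checks the server-side trust entry and clears the cookie when the entry is deleted.

```python
# Added model (not IBM's code) of the consent check in an OpenID provider that
# remembers "always trust this site" choices in a site-information cookie.
from dataclasses import dataclass, field


@dataclass
class TrustStore:
    """Server-side relying-party (RP) trust entries, keyed by user (constructed)."""
    entries: dict = field(default_factory=dict)

    def add(self, user: str, rp: str) -> None:
        self.entries.setdefault(user, set()).add(rp)

    def remove(self, user: str, rp: str) -> None:
        self.entries.get(user, set()).discard(rp)

    def is_trusted(self, user: str, rp: str) -> bool:
        return rp in self.entries.get(user, set())


def needs_consent_vulnerable(cookie_sites: set, rp: str) -> bool:
    # Flawed pattern: the consent page is skipped whenever the cookie lists the
    # RP. Nothing re-checks the server-side trust entry, so a cookie that
    # outlives deletion of that entry silently bypasses the consent page.
    return rp not in cookie_sites


def needs_consent_fixed(cookie_sites: set, store: TrustStore, user: str, rp: str) -> bool:
    # Hardened pattern: the cookie is only a hint; consent may be skipped only
    # while the authoritative trust store still holds the entry.
    return not (rp in cookie_sites and store.is_trusted(user, rp))


def delete_trust_entry(store: TrustStore, cookie_sites: set, user: str, rp: str) -> None:
    # Hardened deletion: drop the trust entry AND the matching cookie entry, so
    # client-side state cannot outlive the server-side decision.
    store.remove(user, rp)
    cookie_sites.discard(rp)


def simulate(user_deletes_trust: bool) -> tuple:
    """Return (vulnerable_asks_consent, fixed_asks_consent) for one login."""
    user, rp = "alice", "https://rp.example.test"   # constructed sample values
    store, cookie_sites = TrustStore(), set()
    store.add(user, rp)
    cookie_sites.add(rp)                   # user chose "always trust this site"
    if user_deletes_trust:
        store.remove(user, rp)             # buggy flow: cookie left untouched
    return (needs_consent_vulnerable(cookie_sites, rp),
            needs_consent_fixed(cookie_sites, store, user, rp))
```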
Recommendations
For IBM Tivoli Federated Identity Manager (TFIM) versions 6.2.0 through 6.2.0.1, update to version 6.2.0.2 or later to resolve the issue.
Affected Products
IBM Tivoli Federated Identity Manager