CVE-2013-5429

Name of the Vulnerable Software and Affected Versions IBM Tivoli Federated Identity Manager versions 6.2.2 before FP9 IBM Tivoli Federated Identity Manager Business Gateway versions 6.2.2 before FP9

Description The issue concerns the Risk Based Access functionality, which fails to prevent the reuse of One Time Password (OTP) tokens. This makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.

Recommendations For IBM Tivoli Federated Identity Manager version 6.2.2, apply Fix Pack 9 to resolve the issue. For IBM Tivoli Federated Identity Manager Business Gateway version 6.2.2, apply Fix Pack 9 to resolve the issue.