CVE-2014-0842

Name of the Vulnerable Software and Affected Versions IBM Rational Focal Point versions 6.4.x through 6.5.2.2 IBM Rational Focal Point versions 6.6.x through 6.6.0

Description The issue concerns the account-creation functionality, which insecurely handles default passwords for new users. Specifically, the default password is placed within the creation page, allowing remote attackers to obtain sensitive information by reading the HTML source code.

Recommendations For IBM Rational Focal Point versions 6.4.x through 6.5.2.2, update to version 6.5.2.3 or later. For IBM Rational Focal Point versions 6.6.x through 6.6.0, update to version 6.6.1 or later.