PT-2014-3907 · Ibm · Ricos+1
Published
2014-07-07
·
Updated
2018-10-09
·
CVE-2014-0869
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Algo Credit Limits versions 4.5.0 through 4.7.0 before 4.7.0.03 FP5
Description
The issue allows remote attackers to obtain cleartext passwords by exploiting the decrypt function in RICOS, which does not require a key. This can be achieved by sniffing the network and providing a string argument to the decrypt function.
Recommendations
For versions 4.5.0 through 4.7.0 before 4.7.0.03 FP5, update to version 4.7.0.03 FP5 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Algo Credit Limits
Ricos