PT-2018-4105 · Ibm · Ibm Tivoli Remote Control+1

Published

2018-04-27

Updated

2018-06-04

CVE-2013-5461

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Endpoint Manager for Remote Control versions 9.0.0 through 9.0.1 Tivoli Remote Control version 5.1.2

Description The issue allows remote attackers to more easily decrypt passwords by leveraging access to stored hashes of partial passwords.

Recommendations For IBM Endpoint Manager for Remote Control versions 9.0.0 through 9.0.1, update to a version that does not store multiple hashes of partial passwords to prevent easier decryption by attackers. For Tivoli Remote Control version 5.1.2, update to a version that does not store multiple hashes of partial passwords to prevent easier decryption by attackers.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2013-5461

Affected Products

Ibm Endpoint Manager For Remote Control

Ibm Tivoli Remote Control

PT-2018-4105 · Ibm · Ibm Tivoli Remote Control+1

CVE-2013-5461

Weakness Enumeration

Related Identifiers

Affected Products

References · 4