PT-2021-18407 · IBM · IBM Security Identity Manager

Chris Shepherd +7 · Published 2021-05-20 · Updated 2021-05-24 · CVE-2021-29687

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Security Identity Manager version 7.0.2

Description

The issue allows a remote user to enumerate usernames due to a difference in responses from valid and invalid login attempts.

Recommendations

For IBM Security Identity Manager version 7.0.2, consider implementing measures to make the login response uniform for both valid and invalid attempts to prevent username enumeration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
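
One way to make a login response uniform for valid and invalid usernames, shown as an added example (not IBM's code and not a vendor fix). The user store, the `login` function, the response messages and the PBKDF2 parameters are assumptions made for illustration; unknown usernames are checked against a dummy record so that every failed attempt does the same hashing work and returns the same response.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: work factor chosen for this example


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build a stored credential record with a fresh random salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample user store (hypothetical account).
USERS = {"alice": make_record("correct horse battery staple")}

# Dummy record used when the username does not exist, so an unknown user
# costs the same hashing work as a known user with a wrong password.
_DUMMY = make_record(os.urandom(16).hex())

# One failure response for every failure cause: same status, same body.
GENERIC_FAILURE = {"status": 401, "body": "Invalid username or password."}


def login(username: str, password: str) -> dict:
    """Authenticate without revealing whether the username exists."""
    record = USERS.get(username)
    known = record is not None
    if not known:
        record = _DUMMY
    candidate = _hash(password, record["salt"])
    # compare_digest runs on every attempt; 'known' only gates the result.
    ok = hmac.compare_digest(candidate, record["hash"]) and known
    if ok:
        return {"status": 200, "body": "Welcome."}
    return dict(GENERIC_FAILURE)


def responses_are_uniform(existing_user: str, missing_user: str) -> bool:
    """Regression check: both failure paths must be indistinguishable."""
    return login(existing_user, "wrong-password") == login(missing_user, "wrong-password")
```

The same uniformity has to hold on every path that accepts a username, including any account lockout messages and password reset flows.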

Side Channel Attack


Weakness Enumeration

Related Identifiers

CVE-2021-29687

Affected Products

IBM Security Identity Manager