PT-2023-29448 · IBM · IBM i Access Client Solutions
Maksymilian Kubiak +1
Published: 2023-12-14 · Updated: 2023-12-18
CVE-2023-45182
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
IBM i Access Client Solutions versions 1.1.2 through 1.1.4
IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3
Description
The issue allows a local attacker to obtain the password to other systems by decoding the key for an encrypted password. This can be achieved if the attacker gains access to the encrypted password.
Recommendations
For versions 1.1.2 through 1.1.4, consider updating to a version outside of this range to mitigate the risk.
For versions 1.1.4.3 through 1.1.9.3, consider updating to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the encrypted password storage to minimize the risk of exploitation.
Fix
Insecure Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
IBM i Access Client Solutions