CVE-2024-45673

Name of the Vulnerable Software and Affected Versions IBM Security Verify Bridge Directory Sync versions 1.0.1 through 1.0.12 IBM Security Verify Gateway for Windows Login versions 1.0.1 through 1.0.10 IBM Security Verify Gateway for Radius versions 1.0.1 through 1.0.11

Description The issue concerns the storage of user credentials in configuration files, which can be accessed by a local user. This poses a risk as sensitive information can be compromised.

Recommendations For IBM Security Verify Bridge Directory Sync versions 1.0.1 through 1.0.12, consider restricting access to configuration files to minimize the risk of credential exposure. For IBM Security Verify Gateway for Windows Login versions 1.0.1 through 1.0.10, restrict access to configuration files to prevent unauthorized access to user credentials. For IBM Security Verify Gateway for Radius versions 1.0.1 through 1.0.11, limit access to configuration files to reduce the risk of credential compromise. At the moment, there is no information about a newer version that contains a fix for this vulnerability.