Vulnerability CVE-2013-5429
Published: 2014-01-20   Modified: 2014-01-21

Description:
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:N/AC:H/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Remote
High
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
IBM -> Tivoli federated identity manager 

 References:
http://xforce.iss.net/xforce/xfdb/87561
http://www-01.ibm.com/support/docview.wss?uid=swg21660510
http://www-01.ibm.com/support/docview.wss?uid=swg21660509
http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624
Copyright 2024, cxsecurity.com

 

Back to Top