Jan 31, 2019 9:00 am EST
Categorized: Medium Severity
IBM Tivoli Application Dependency Discovery Manager (TADDM) requires a local service account to communicate with Windows servers (targets) via WMI. When certain authentication methods are used, WMI caches the password hash in memory on each target Windows system. By TADDM design, and according to standard implementation, the service account password is the same for all Windows targets. The cached password can be viewed in memory on any target Windows server using open-source Windows credential tools such as “mimikatz”. A local user can execute such a tool and view the password hash from memory on the target system. This essentially exposes the password for all other Windows targets that are configured to use TADDM. No access to the TADDM server is necessary to view the password. The local TADDM service account on each target system is a privileged account, so a local attacker could potentially gain access and administrative authority to all target Windows systems.
CVE(s): CVE-2018-1675
Affected product(s) and affected version(s):
TADDM 7.2.2.0 – 7.2.2.5
TADDM 7.3.0.0 – 7.3.0.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10742403
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145110
from IBM Product Security Incident Response Team https://ibm.co/2sVVyXY
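Because the same discovery account is valid on every target, one detection approach is to flag any successful logon by that account that does not originate from the approved discovery hosts. The following is an added example, not part of the IBM bulletin; the account name `svc_taddm`, the allowed source address and the exported event rows are constructed assumptions.

```python
import csv
import io

# Assumptions (hypothetical, not from the advisory): the discovery account name
# and the addresses of the TADDM server/anchors that are allowed to use it.
SERVICE_ACCOUNT = "svc_taddm"
ALLOWED_SOURCES = {"10.0.5.10"}

# Constructed sample: Security event 4624 (successful logon) rows exported as
# CSV from several Windows targets. Not real data.
SAMPLE_EVENTS = """\
TimeCreated,Computer,EventID,TargetUserName,LogonType,IpAddress
2019-01-31T09:00:01Z,WIN-APP01,4624,svc_taddm,3,10.0.5.10
2019-01-31T09:00:04Z,WIN-DB02,4624,svc_taddm,3,10.0.5.10
2019-01-31T11:42:17Z,WIN-DB02,4624,SVC_TADDM,3,10.0.7.23
2019-01-31T11:43:02Z,WIN-FS03,4624,svc_taddm,10,10.0.7.23
2019-01-31T11:50:00Z,WIN-FS03,4624,alice,2,-
2019-01-31T12:05:09Z,WIN-APP01,4624,svc_taddm,2,-
"""

def find_unexpected_logons(csv_text, account=SERVICE_ACCOUNT, allowed=ALLOWED_SOURCES):
    """Return 4624 rows where the service account logged on from a source
    other than the approved discovery hosts (local logons, '-', included)."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624":
            continue
        # Windows account names are case-insensitive.
        if row["TargetUserName"].lower() != account.lower():
            continue
        if row["IpAddress"] not in allowed:
            hits.append(row)
    return hits

def summarize(hits):
    """Group findings by source so one reused credential shows as one actor."""
    by_source = {}
    for row in hits:
        by_source.setdefault(row["IpAddress"], set()).add(row["Computer"])
    return {src: sorted(hosts) for src, hosts in by_source.items()}

if __name__ == "__main__":
    for src, hosts in summarize(find_unexpected_logons(SAMPLE_EVENTS)).items():
        print(f"{SERVICE_ACCOUNT} used from {src!r} on {', '.join(hosts)}")
```

A single unapproved source appearing against several targets is the pattern the shared password makes possible, so grouping by source is more useful than alerting per event.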