IBM Security Key Lifecycle Manager addresses this issue where the product does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE(s): CVE-2016-6093
Affected product(s) and affected version(s):
IBM Security Key Lifecycle Manager: v2.5 – 2.5.0.7
IBM Security Key Lifecycle Manager v2.6 – 2.6.0.2
IBM Tivoli Key Lifecycle Manager v2.0.1 – 2.0.1.8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2kwalpv
X-Force Database: http://ift.tt/2l0na8o
from IBM Product Security Incident Response Team http://ift.tt/2kwg52y
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.