Jul 23, 2020 8:00 pm EDT
Categorized: Low Severity
To debug the IBM Verify Gateway (IVG) PAM components, customers can add “trace-file” parameters to the PAM configuration so that .log files are written to the /tmp directory. These debug logs potentially contain sensitive information, yet they are world-readable by default. They should have stricter access permissions. As of v1.0.1 of IVG for AIX PAM, and v1.0.2 of IVG for Linux PAM, the logs are no longer world-readable.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Verify Gateway (IVG) | PAM 1.0.0, 1.0.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6252479
from IBM Product Security Incident Response Team https://ift.tt/32NAbLJ
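
The following check is an added example, not part of IBM's bulletin: it collects the paths named by trace-file options in the PAM configuration and lists the ones that other users can still read. The `trace-file=<path>` spelling and the default locations `/etc/pam.d` and `/etc/pam.conf` are assumptions; confirm the exact syntax against your IVG configuration.

```shell
#!/bin/sh
# Added example: list IVG PAM trace files that other users can read.
# Assumption: the option is written as trace-file=<path> on a PAM module line.

# Print every path named by a trace-file= option in the given PAM config
# files or directories. Commented-out lines are skipped.
ivg_trace_paths() {
    # Assumed default locations when no path is given.
    [ $# -gt 0 ] || set -- /etc/pam.d /etc/pam.conf
    find "$@" -type f -exec awk '
        $1 ~ /^#/ { next }
        { for (i = 1; i <= NF; i++)
              if (index($i, "trace-file=") == 1)
                  print substr($i, length("trace-file=") + 1) }
    ' {} + 2>/dev/null | sort -u
}

# Print the configured trace files that exist and have the other-read bit set.
ivg_world_readable_traces() {
    ivg_trace_paths "$@" | while IFS= read -r path; do
        [ -f "$path" ] || continue
        # -perm -0004 matches only when "other" has read permission.
        find "$path" -prune -type f -perm -0004 -print
    done
}

# Report for the paths given on the command line (or the assumed defaults).
ivg_world_readable_traces "$@"
```

Any path it prints is a debug log that should be tightened or removed, and the trace-file option itself dropped once debugging is finished.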