Vigil@nce - IBM Tivoli Storage Manager HSM: information disclosure
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read logs of IBM Tivoli Storage Manager HSM, in
order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Creation date: 19/08/2016.
DESCRIPTION OF THE VULNERABILITY
The IBM Tivoli Storage Manager HSM product offers a logging system
(Application Tracing).
However, when the PASSWORDAccess option is set to "prompt", and if
the users changes his password, it is written in the logs.
An attacker can therefore read logs of IBM Tivoli Storage Manager
HSM, in order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-Tivoli-Storage-Manager-HSM-information-disclosure-20431