Vigil@nce - IBM TSM: encryption key disclosure
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can decrypt IBM TSM backups, in order to obtain
sensitive information.
Impacted products: Tivoli Storage Manager
Severity: 2/4
Creation date: 24/02/2015
DESCRIPTION OF THE VULNERABILITY
The IBM TSM client uses an encryption key protected by a password.
However, an attacker can obtain this password via dsmtca.
Technical details are unknown.
An attacker can therefore decrypt IBM TSM backups, in order to
obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-TSM-encryption-key-disclosure-16251