Security Bulletin: Encrypted passwords field available in result set of User record type (CVE-2012-2165 )
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirtrational psirtlow
0 Comments | 891 Visits
The encrypted password field for a user is available to IBM Rational ClearQuest queries and can be displayed in a result set. This is an information disclosure that may assist an attacker in attempts to construct passwords that match that encrypted value.