Security Bulletin: Tivoli Federated Identity Manager - Passwords exposed in trace files (CVE-2012-3310)
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirtsecurity psirtlow
0 Comments | 816 Visits
It is possible to configure Tivoli Federated Identity Manager (TFIM) in such a way that the logging of certain activities could result in the trace files produced by TFIM containing passwords that are either in clear text or obfuscated in a manner that the password can be derived.
Affected product(s) & Affected version(s): All versions of TFIM before 6.2.2 are affected, including those no longer supported.
Refer to the following reference URLs for remediation and additional vulnerability details.