Vigil@nce - IBM Spectrum Protect: password disclosure
July 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can get the passwords used by IBM Spectrum Protect.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Creation date: 31/05/2017.
DESCRIPTION OF THE VULNERABILITY
The IBM Spectrum Protect stores password in the MS-Windows
registry.
However, the registry access rights are such that attacker can
access to these passwords.
An attacker can therefore get the passwords used by IBM Spectrum
Protect.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/IBM-Spectrum-Protect-password-disclosure-22872