CVE-2012-0726

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

Published: Apr 22, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0726
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
ibm / tivoli_directory_server	6.0.0	6.0.0.x
ibm / tivoli_directory_server	5.2.0	5.2.0.x
ibm / tivoli_directory_server	-	6.3.0.x
ibm / tivoli_directory_server	6.2.0.21	6.2.0.21.x
ibm / tivoli_directory_server	6.0.0.7	6.0.0.7.x
ibm / tivoli_directory_server	6.0	6.0.x
ibm / tivoli_directory_server	6.1.0.48	6.1.0.48.x
ibm / tivoli_directory_server	6.0.0.8	6.0.0.8.x
ibm / tivoli_directory_server	6.2.0.19	6.2.0.19.x
ibm / tivoli_directory_server	6.1.0.46	6.1.0.46.x
ibm / tivoli_directory_server	6.2.0	6.2.0.x
ibm / tivoli_directory_server	3.2.2	3.2.2.x
ibm / tivoli_directory_server	6.1.0	6.1.0.x
ibm / tivoli_directory_server	6.1.0.47	6.1.0.47.x
ibm / tivoli_directory_server	4.1	4.1.x
ibm / tivoli_directory_server	6.2.0.20	6.2.0.20.x
ibm / tivoli_directory_server	6.2.0.22	6.2.0.22.x
ibm / tivoli_directory_server	6.0.0.69	6.0.0.69.x
ibm / tivoli_directory_server	6.1.0.45	6.1.0.45.x

Vulnerability Database

290,020

CVE-2012-0726