CVE-2013-5461

IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Remote Control 5.1.2 store multiple hashes of partial passwords, which makes it easier for remote attackers to decrypt passwords by leveraging access to the hashes. IBM X-Force ID: 88309.

Published: Apr 27, 2018
Updated: Apr 13, 2023
CVE: CVE-2013-5461
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
ibm / endpoint_manager_for_remote_control	9.0.1	9.0.1.x
ibm / endpoint_manager_for_remote_control	9.0.0	9.0.0.x
ibm / tivoli_remote_control	5.1.2	5.1.2.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/88309
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-ibm-endpoint-manager-for-remote-control-cve-2013-5461/
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-insecure-storage-of-passwords-in-tivoli-remote-control-cve-2013-5461/

Vulnerability Database

289,697

CVE-2013-5461