Auth bypass in IBM Tivoli Federated Identity Manager

CVE-2009-5083

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attac…

Vulnerability class: Broken Authentication

EPSS: 0.002 (44.1th percentile)

Affected products

Weakness classification (CWE)

References