Information disclosure in Ibm Tivoli_directory_server

CVE-2011-2759

The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote atta…

Vulnerability class: Information Disclosure

EPSS: 0.003 (48.7th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_directory_server — versions 6.2, 6.2.0.0, 6.2.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

IO14165 (vendor-advisory, x_refsource_AIXAPAR)
cve@mitre.org (x_refsource_CONFIRM)
ibm-tds-idswebapp-info-disc(68585) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM)