Vulnerability in Ibm Tivoli_directory_server

CVE-2012-0726

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.005 (67.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_directory_server — versions 3.2.2, 4.1, 5.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

IO15761 (vendor-advisory, x_refsource_AIXAPAR)
tds-nullcipher-weak-security(74303) (vdb-entry, x_refsource_XF)
1026939 (vdb-entry, x_refsource_SECTRACK)
IO16036 (vendor-advisory, x_refsource_AIXAPAR)
53043 (vdb-entry, x_refsource_BID)
psirt@us.ibm.com (x_refsource_CONFIRM)
IO16035 (vendor-advisory, x_refsource_AIXAPAR)