Auth bypass in Ibm Tivoli_federated_identity_manager

CVE-2013-5429

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens…

Vulnerability class: Broken Authentication

EPSS: 0.002 (39.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_federated_identity_manager — versions 6.2.2, 6.2.2.1, 6.2.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
IV52624 (vendor-advisory, x_refsource_AIXAPAR)
ibm-tivoli-cve20135429-sec-bypass(87561) (vdb-entry, x_refsource_XF)