Auth bypass in Ibm Rational_clearcase

CVE-2014-3101

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers t…

Vulnerability class: Broken Authentication

EPSS: 0.002 (44.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Rational_clearcase — versions 7.1, 7.1.0.1, 7.1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

ibm-clearquest-cve20143101-bruteforce(94268) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
1030884 (vdb-entry, x_refsource_SECTRACK)