Credentials Management Errors

CVE-2014-0890

Low

1.9/10

Summary

The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.

Access Complexity: MEDIUM
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-255 - Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

References

Advisory Timeline

Published Mar 06, 2014

Credentials Management Errors

CVE-2014-0890

Summary

CWE-255 - Credentials Management Errors

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS