IBM Tivoli Access Manager Cookie Authentication Weakness May Let Remote Users Hijack Sessions - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Security) > IBM Security Access Manager

IBM Tivoli Access Manager Cookie Authentication Weakness May Let Remote Users Hijack Sessions

SecurityTracker Alert ID: 1010379

SecurityTracker URL: http://securitytracker.com/id/1010379

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jun 3 2004

Impact: User access via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): IBM Tivoli Access Manager for e-business version 3.9, 4.1, and 5.1; IBM Tivoli Access Manager Identity Manager Solution version 5.1

Description: A vulnerability was reported in IBM Tivoli Access Manager. A remote user may be able to hijack a user session.

IBM reported that a remote user can supply a specially crafted (or stolen) cookie to impersonate a valid authenticated target user and hijack the target user's session.

The remote user can gain access to resources and data on the target system and may be able to gain control of the compromised application, the report said.

The vulnerability relates to the use of cookies to maintain session status.

Impact: A remote user may be able to hijack a target user's session.

Solution: The vendor has released the following fixes:

IBM Tivoli Access Manager for e-business 3.9 (WebSEAL):

http://www.ibm.com/support/docview.wss?uid=swg24006460

IBM Tivoli Access Manager for e-business 3.9 (Web Server Plug-in):

http://www.ibm.com/support/docview.wss?uid=swg24006535

IBM Tivoli Access Manager for e-business 4.1 (WebSEAL):

http://www.ibm.com/support/docview.wss?uid=swg24006273

IBM Tivoli Access Manager for e-business 4.1 (Web Server Plug-in):

http://www.ibm.com/support/docview.wss?uid=swg24006534

IBM Tivoli Access Manager for e-business 5.1 (WebSEAL):

http://www.ibm.com/support/docview.wss?uid=swg24006477

IBM Tivoli Access Manager for e-business 5.1 (Web Server Plug-in):

http://www.ibm.com/support/docview.wss?uid=swg24006533

IBM Tivoli Access Manager Identity Manager Solution 5.1 (WebSEAL or Web Server Plug-in):

http://www.ibm.com/support/docview.wss?uid=swg24006477
http://www-1.ibm.com/support/docview.wss?uid=swg24006533

Vendor URL: www.ibm.com/support/docview.wss?uid=swg21168762 (Links to External Site)

Cause: Authentication error

Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History: None.

Source Message Contents

Subject: http://www-1.ibm.com/support/docview.wss?uid=swg21168762


http://www-1.ibm.com/support/docview.wss?uid=swg21168762

 > Potential Credential Impersonation Attack

 > IBM has determined that multiple IBM products can be affected by a form of credential
 > impersonation exploit that would allow an attacker to gain access to resources and data,
 > or gain control of the compromised application.

The vulnerability relates to the use of cookies to maintain session status.

The following products are affected:

2.1.3, 2.14, and 2.15

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC