IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Security_guardium_key_lifecycle_manager | Ibm | 4.1.0 (including) | 4.1.0 (including) |
| Security_guardium_key_lifecycle_manager | Ibm | 4.1.0.1 (including) | 4.1.0.1 (including) |
| Security_guardium_key_lifecycle_manager | Ibm | 4.1.1 (including) | 4.1.1 (including) |
| Security_key_lifecycle_manager | Ibm | 3.0 (including) | 3.0.0.4 (including) |
| Security_key_lifecycle_manager | Ibm | 3.0.1 (including) | 3.0.1.5 (including) |
| Security_key_lifecycle_manager | Ibm | 4.0 (including) | 4.0.0.3 (including) |
| Security_key_lifecycle_manager | Ibm | 4.1.0 (including) | 4.1.0 (including) |
| Security_key_lifecycle_manager | Ibm | 4.1.0.1 (including) | 4.1.0.1 (including) |
| Security_key_lifecycle_manager | Ibm | 4.1.1 (including) | 4.1.1 (including) |