CVE-2011-2759

IBM Tivoli Directory Server < 6.2.0.3-TIV-ITDS-IF0004 - Exposure of Sensitive Information via Login Page Autocomplete

Title source: llm
STIX 2.1

Description

The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

References (4)

Core 4
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www.ibm.com/support/docview.wss?uid=swg1IO14165
Various Sources x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg24030320
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68585

Scores

EPSS 0.0132
EPSS Percentile 67.6%

Details

CWE
CWE-200
Status published
Products (4)
ibm/tivoli_directory_server 6.2
ibm/tivoli_directory_server 6.2.0.0
ibm/tivoli_directory_server 6.2.0.1
ibm/tivoli_directory_server 6.2.0.2
Published Jul 17, 2011
Tracked Since Feb 18, 2026