CVE-2023-45182

HIGH

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 - Information Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45182. PoCs published by afine-com.

AI-analyzed exploit summary This repository contains a functional Java-based brute-force tool that exploits weak AES encryption in IBM i Access Client Solutions. The tool leverages a reduced keyspace derived from static strings and user-specific data to decrypt stored passwords.

Description

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.

Exploits (1)

nomisec WORKING POC
by afine-com · poc
https://github.com/afine-com/CVE-2023-45182

This repository contains a functional Java-based brute-force tool that exploits weak AES encryption in IBM i Access Client Solutions. The tool leverages a reduced keyspace derived from static strings and user-specific data to decrypt stored passwords.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: IBM i Access Client Solutions < 1.1.9.4
No auth needed
Prerequisites: Access to the encrypted password file · Knowledge of the username and OS
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
https://www.ibm.com/support/pages/node/7091942

Scores

CVSS v3 7.4
EPSS 0.0063
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Details

CWE
CWE-922
Status published
Products (1)
ibm/i_access_client_solutions 1.1.2 - 1.1.4
Published Dec 14, 2023
Tracked Since Feb 18, 2026