Sensitive Information Disclosure in IBM Rational Focal Point Account Creation

Sensitive Information Disclosure in IBM Rational Focal Point Account Creation

CVE-2014-0842 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.

Learn more about our Cis Benchmark Audit For Ibm I.