| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability announce CVE-2010-0563
WebSphere AS: SSL not used for SSO
Synthesis of the vulnerability
| When the Single Sign-On authentication of WebSphere is configured to enforce SSL, the session does not use SSL. |
Severity: 2/4.
Creation date: 08/02/2010.
|
Description of the vulnerability
The Single Sign-On authentication of WebSphere can be configured to enforce SSL:
- WebSphere Application Server Administration Console
- Global Security
- Web and SIP Security
- Single Sign-on (SSO)
- requires SSL
However, this directive is not honored, so authentication data are not encrypted.
An attacker can therefore capture authentication data. |
Complete Vigil@nce bulletin
Characteristics
Title: WebSphere AS: SSL not used for SSO.
Keywords: Administration Application Console Global SIP SSL SSO Security Server Sign-On Sign-on Single Web WebSphere used.
Identifiers: BID-38122, CVE-2010-0563, PM00610, swg21417839, VIGILANCE-VUL-9412.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability bulletins
|