Mar 2, 2021 7:00 pm EST
Categorized: Medium Severity
The obfuscation logic in IBM Security Verify Bridge (ISVB) relies on a hard-coded key to encrypt the client secret string. This means all ISVB users have the same encryption key. As of v1.0.5, ISVB has re-implemented its obfuscation logic so that each user is assigned a unique key.
Affected product(s) and affected version(s):
IBM Security Verify Bridge
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6421025