IBM Tivoli Federated Identity Manager XML Signature Validation Security Bypass Vulnerability

IBM Tivoli Federated Identity Manager is prone to a signature-verification security-bypass vulnerability.

An attacker can exploit this issue to bypass the signature validation mechanism through an untrusted or invalid XML signature.

Tivoli Federated Identity Manager 6.1, 6.2, 6.2.1, and 6.2.2 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus