CVE-2024-45673
📋 TL;DR
This vulnerability allows local users to read stored user credentials from configuration files in affected IBM Security products. It affects IBM Security Verify Bridge Directory Sync, IBM Security Verify Gateway for Windows Login, and IBM Security Verify Gateway for Radius. Attackers with local access can potentially obtain sensitive authentication data.
💻 Affected Systems
- IBM Security Verify Bridge Directory Sync
- IBM Security Verify Gateway for Windows Login
- IBM Security Verify Gateway for Radius
📦 What is this software?
Security Verify Bridge Directory Sync by IBM
⚠️ Risk & Real-World Impact
Worst Case
Local attackers gain administrative credentials, leading to complete system compromise, lateral movement, and privilege escalation across connected systems.
Likely Case
Local users or malware with file read access harvest credentials for authentication bypass, data exfiltration, or limited privilege escalation.
If Mitigated
With proper access controls, only authorized administrators can access configuration files, limiting exposure to trusted personnel.
🎯 Exploit Status
Exploitation requires local file read access but is trivial once access is obtained. No special tools or skills needed beyond basic file reading capabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Bridge Directory Sync 1.0.13, Windows Login Gateway 1.0.11, Radius Gateway 1.0.12
Vendor Advisory: https://www.ibm.com/support/pages/node/7183801
Restart Required: Yes
Instructions:
1. Download the latest version from IBM Fix Central.
2. Back up the current configuration.
3. Stop the affected service.
4. Install the updated version.
5. Restart the service.
6. Verify functionality.
🔧 Temporary Workarounds
Restrict Configuration File Permissions
Linux: Set strict file permissions on configuration files to prevent unauthorized local users from reading them.
chmod 600 /path/to/config/files/*.conf
chown root:root /path/to/config/files/*.conf
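To confirm the Linux workaround above actually took effect, the following added example (not IBM's or this page's own tooling) lists every *.conf file that is still accessible to group or other, or is not owned by the expected account. The function names are hypothetical, and the directory and owner are arguments supplied by the caller.

```shell
#!/bin/sh
# Added example: audit the "chmod 600 / chown root:root" workaround.
# Function names are hypothetical; the directory is supplied by the caller
# because the page gives only a placeholder path.

# Print an "ls -ld" line for each *.conf file under $1 that has any
# group/other permission bit set, or is not owned by $2 (default: root).
list_exposed_conf() {
    dir=$1
    owner=${2:-root}
    find "$dir" -type f -name '*.conf' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \
           -o ! -user "$owner" \) \
        -exec ls -ld {} +
}

# Exit status: 0 = nothing exposed, 1 = exposed files found, 2 = bad directory.
audit_conf_perms() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    exposed=$(list_exposed_conf "$dir" "$owner")
    if [ -n "$exposed" ]; then
        echo "Configuration files readable beyond owner $owner:"
        echo "$exposed"
        return 1
    fi
    echo "OK: no *.conf file under $dir is accessible to group/other"
    return 0
}

# Run only when a directory is given, e.g.: sh audit.sh /path/to/config/files
if [ $# -gt 0 ]; then
    audit_conf_perms "$@"
fi
```

The non-zero exit status makes the check usable from cron or a configuration-management run, so a package update that resets permissions is noticed.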
Windows ACL Restriction
Windows: Apply NTFS permissions to restrict configuration file access to administrators only.
icacls "C:\Program Files\IBM\config\*.conf" /inheritance:r /grant:r "Administrators:(F)" /grant:r "SYSTEM:(F)"
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to systems running affected software.
- Regularly audit and monitor access to configuration files and credential storage locations.
🔍 How to Verify
Check if Vulnerable:
Check version numbers in product administration console or via 'ibm_version' command. If within affected ranges, check configuration file permissions and contents for stored credentials.
Check Version:
ibm_version or check product administration interface
Verify Fix Applied:
Verify installed version is patched (1.0.13+ for Bridge Directory Sync, 1.0.11+ for Windows Login Gateway, 1.0.12+ for Radius Gateway). Confirm configuration files no longer contain readable credentials.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to configuration files
- Failed authentication attempts using harvested credentials
- Unusual local user activity on affected systems
Network Indicators:
- Unusual authentication patterns from affected systems
- Credential reuse across different systems
SIEM Query:
source="*config*" AND (event="FileRead" OR event="AccessDenied") AND file_path="*conf*" AND user!="admin"