IBM Tivoli Directory Server ldapinst.log DB2 Admin Password Disclosure

Low Nessus Plugin ID 47901


The remote installation of Tivoli Directory Server stores the login and password of the DB2 database in a plaintext log file.


The remote installation of Tivoli Directory Server created a file called 'ldapinst.log' that contains the login and password of the IBM DB2 database used for this service.

An attacker who gains access to this file (or a backup of it) could log into the DB2 database and modify its content or structure.


Apply the patch from IBM or delete the file.

Plugin Details

Severity: Low

ID: 47901

File Name: tivoli_directory_svr_db2_passwd.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Family: Windows

Published: 2010/07/29

Modified: 2015/06/23

Dependencies: 10399, 13855

Risk Information

Risk Factor: Low


Base Score: 3.8

Temporal Score: 3.1

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_directory_server

Required KB Items: SMB/name, SMB/login, SMB/password

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/07/28

Vulnerability Publication Date: 2010/07/28

Reference Information

BID: 42015

OSVDB: 66650