IBM Tivoli Directory Server ldapinst.log DB2 Admin Password Disclosure
Low Nessus Plugin ID 47901
SynopsisThe remote installation of Tivoli Directory Server stores the login and password of the DB2 database in a plaintext log file.
DescriptionThe remote installation of Tivoli Directory Server created a file called 'ldapinst.log' that contains the login and password of the IBM DB2 database used for this service.
An attacker who could get access to this file (or a backup of it) would be able to log into the DB2 database and modify its content or structure.
SolutionApply the patch from IBM or delete the file.