Unrated severity · NVD Advisory · Published Jan 13, 2021 · Updated Sep 17, 2024

CVE-2020-4602

Description

IBM Security Guardium Insights 2.0.2 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 184836.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Security Guardium Insights 2.0.2 stores user credentials in plain text, allowing a local user to read sensitive authentication data.

Vulnerability

IBM Security Guardium Insights version 2.0.2 stores user credentials in plain text within the application's configuration or log files. This vulnerability occurs because the software does not encrypt or mask credentials before writing them to storage. A local user with access to the file system can read these credentials directly. The affected version is explicitly 2.0.2 as stated in the CVE description [1].

Exploitation

An attacker must have local access to the system where IBM Security Guardium Insights 2.0.2 is installed. No special privileges beyond the ability to read files on the local filesystem are required. The attacker can locate the files containing the plaintext credentials (e.g., configuration files, logs) and extract the stored usernames and passwords. No user interaction or network access is needed.

Impact

Successful exploitation results in the disclosure of user credentials, including passwords, stored in plain text. This can lead to unauthorized access to the Guardium Insights application and potentially other systems if the same credentials are reused. The confidentiality of authentication data is compromised, and the attacker may escalate privileges within the application or network.

Mitigation

IBM has addressed this vulnerability in a later release of IBM Security Guardium Insights. According to the security bulletin [1], users should upgrade to the fixed version as specified in the advisory. No workarounds are documented; the recommended mitigation is to apply the update. If upgrading is not immediately possible, restrict local file system access to trusted administrators only.
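An added example, not taken from IBM's bulletin or from this advisory: a defender-side audit for the interim mitigation above, listing files under a chosen directory that are group- or world-readable and contain credential-like assignments, then tightening them to owner-only. The directory to scan, the `CRED_RE` keyword pattern, and the helper names are assumptions, since the advisory does not name the affected files.

```python
import os
import re
import stat

# Assumed keyword heuristic; the advisory does not list file names or formats.
CRED_RE = re.compile(
    rb"(?i)(password|passwd|pwd|secret|api[_-]?key|token)[\"']?\s*[:=]\s*\S+"
)

def audit_tree(root, max_bytes=1_000_000):
    """Find regular files under root that group/other can read and that
    contain credential-like lines. Returns (path, mode, line_numbers);
    the matched values themselves are never returned or printed."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if not mode & (stat.S_IRGRP | stat.S_IROTH):
                continue  # already owner-only
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue
            hits = [n for n, line in enumerate(data.splitlines(), 1)
                    if CRED_RE.search(line)]
            if hits:
                findings.append((path, oct(mode), hits))
    return sorted(findings)

def restrict(path):
    """Interim hardening: owner read/write only."""
    os.chmod(path, 0o600)

if __name__ == "__main__":
    import sys
    for path, mode, lines in audit_tree(sys.argv[1]):
        print(f"{path} mode={mode} credential-like lines={lines}")
```

Tightening file modes only narrows who can read the credentials; they remain in clear text until the fixed release is installed.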

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
