IBM Security Verify Access and Identity Access Container Hard-Coded Credentials Vulnerability

Vulnerability

A vulnerability exists in IBM Security Verify Access versions 10.0.0 through 10.0.9 and 11.0.0, and in IBM Verify Identity Access Container versions 10.0.0 through 10.0.9 and 11.0.0. Under certain configurations, these products contain hard-coded credentials, such as passwords or cryptographic keys, used for inbound authentication, outbound communication with external components, or encryption of internal data.

Impact

The presence of hard-coded credentials can lead to unauthorized access or manipulation of data, as these credentials may be exploited to bypass authentication mechanisms or gain elevated privileges.

Remediation

Users are advised to update to IBM Security Verify Access version 10.0.9 IF2 or IBM Verify Identity Access version 11.0.1. Instructions for downloading these versions are available on the IBM Support Fix Central website. For container users, the updated version can be downloaded from the IBM Security Verify Access documentation site.

Added: Oct 13, 2025, 1:18 AM
Updated: Oct 13, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 7.6
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.