Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

TWSL2011-018: Authentication Bypass Vulnerability in IBM TS3100/TS3200 Web User Interface

The Spiderlabs team at Trustwave published a new advisory for a authentication bypass finding found in the TS3100/TS3200 tape library. The TS3100/TS3200 tape library is a entry-level backup solution manufactured by IBM and this product is designed to archive data-storage needs for small-to-medium environments. The unit has remote management capabilities as well as remote administration capabilities through its web user interface.

Martin Murfitt who works as a Penetration Tester for the Trustwave SpiderLabs discovered a security flaw in the web user interface that allowed him to bypass authentication while performing a test for a Trustwave client. IBM has confirmed Martin's findings and the company has released firmware version A.60 to address this issue. The updated firmware can be downloaded by visiting IBM's Security Bulletin at http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003938.