IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key.
Per: http://www-01.ibm.com/support/docview.wss?uid=swg21667626 "Encrypted credentials can be remotely retrieved from the IBM Cognos Express server."