CVE-2018-1447

Sažetak

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

Reference

http://www.ibm.com/support/docview.wss?uid=swg22014669
http://www.ibm.com/support/docview.wss?uid=swg22014957
http://www.ibm.com/support/docview.wss?uid=swg22015066
http://www.ibm.com/support/docview.wss?uid=swg22015071
http://www.securityfocus.com/bid/104511
http://www.securitytracker.com/id/1041012
https://exchange.xforce.ibmcloud.com/vulnerabilities/139972

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-10-2019 - 00:03

Objavljeno

04-04-2018 - 18:29