Vulnerabilities > CVE-2018-1447 - Use of Password Hash With Insufficient Computational Effort vulnerability in IBM products

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

ibm

CWE-916

NVD

Published: 2018-04-04

Updated: 2019-10-03

Summary

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Spectrum Protect FOR Virtual Environments 8.1.0.0 IBM Spectrum Protect FOR Virtual Environments 8.1.2 IBM Spectrum Protect FOR Virtual Environments 8.1.2.0 IBM Spectrum Protect FOR Virtual Environments 8.1.4 IBM Spectrum Protect FOR Virtual Environments 8.1.4.0 IBM Spectrum Protect FOR Virtual Environments 7.1.0.0 IBM Spectrum Protect FOR Virtual Environments 7.1.1 IBM Spectrum Protect FOR Virtual Environments 7.1.1.0 IBM Spectrum Protect FOR Virtual Environments 7.1.2 IBM Spectrum Protect FOR Virtual Environments 7.1.2.0 IBM Spectrum Protect FOR Virtual Environments 7.1.3 IBM Spectrum Protect FOR Virtual Environments 7.1.3.0 IBM Spectrum Protect FOR Virtual Environments 7.1.4 IBM Spectrum Protect FOR Virtual Environments 7.1.4.0 IBM Spectrum Protect FOR Virtual Environments 7.1.6 IBM Spectrum Protect FOR Virtual Environments 7.1.6.0 IBM Spectrum Protect FOR Virtual Environments 7.1.8 IBM Spectrum Protect FOR Virtual Environments 7.1.8.0 IBM Spectrum Protect FOR Space Management 8.1.0.0 IBM Spectrum Protect FOR Space Management 8.1.2.0 IBM Spectrum Protect FOR Space Management 8.1.4.0 IBM Spectrum Protect FOR Space Management 7.1.0.0 IBM Spectrum Protect FOR Space Management 7.1.1.0 IBM Spectrum Protect FOR Space Management 7.1.2.0 IBM Spectrum Protect FOR Space Management 7.1.3.0 IBM Spectrum Protect FOR Space Management 7.1.4.0 IBM Spectrum Protect FOR Space Management 7.1.6.0 IBM Spectrum Protect FOR Space Management 7.1.8.0 IBM Spectrum Protect FOR Space Management 7.1.8.1 IBM Spectrum Protect Snapshot 4.1.0.0 IBM Spectrum Protect Snapshot 4.1.1.0 IBM Spectrum Protect Snapshot 4.1.2.0 IBM Spectrum Protect Snapshot 4.1.3.0 IBM Spectrum Protect Snapshot 4.1.4.0 IBM Spectrum Protect Snapshot 4.1.6.0 IBM Spectrum Protect Snapshot 4.1.6.3	36

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References