Unrated severityNVD Advisory· Published Apr 4, 2018· Updated Sep 17, 2024

CVE-2018-1447

Description

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

Affected products

IBM/Spectrum Protect Servercpe-rescue
Range: 7.1
IBM/Spectrum Protect for Space Managementv5
Range: 7.1
IBM/Spectrum Protect For Virtual Environmentscpe-rescue
Range: 7.1
IBM/Spectrum Protect Snapshotcpe-rescue
Range: 4.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
www.securityfocus.com/bid/104511mitrevdb-entryx_refsource_BID
www.securitytracker.com/id/1041012mitrevdb-entryx_refsource_SECTRACK
exchange.xforce.ibmcloud.com/vulnerabilities/139972mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000