CVE-2018-1447
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.
| Software | From | Fixed in |
|---|---|---|
| ibm / spectrum_protect_for_virtual_environments | 8.1.0.0 | 8.1.4.0.x |
| ibm / spectrum_protect_for_virtual_environments | 7.1.0.0 | 7.1.8.0.x |
| ibm / spectrum_protect_for_space_management | 8.1.0.0 | 8.1.4.0.x |
| ibm / spectrum_protect_for_space_management | 7.1.0.0 | 7.1.8.1.x |
| ibm / spectrum_protect_snapshot | 4.1.0.0 | 4.1.6.3.x |
- http://www.ibm.com/support/docview.wss?uid=swg22014669
- http://www.ibm.com/support/docview.wss?uid=swg22014957
- http://www.ibm.com/support/docview.wss?uid=swg22015066
- http://www.ibm.com/support/docview.wss?uid=swg22015071
- http://www.securityfocus.com/bid/104511
- http://www.securitytracker.com/id/1041012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/139972
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime