5.3
CVE-2014-0841
- EPSS 0.23%
- Veröffentlicht 27.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 02:02:53
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack. IBM X-Force ID: 90704.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Rational Focal Point Version6.4
Ibm ≫ Rational Focal Point Version6.4.1
Ibm ≫ Rational Focal Point Version6.5.1
Ibm ≫ Rational Focal Point Version6.5.2
Ibm ≫ Rational Focal Point Version6.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.135 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.8 | 3.4 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://exchange.xforce.ibmcloud.com/vulnerabilities/90704
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-weak-password-hash-vulnerability-in-rational-focalpoint-cve-2014-0841/