8.1
CVE-2018-1447
- EPSS 0.08%
- Veröffentlicht 04.04.2018 18:29:02
- Zuletzt bearbeitet 21.11.2024 03:59:50
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Spectrum Protect For Space Management SwPlatformvmware Version >= 7.1.0.0 <= 7.1.8.1
Ibm ≫ Spectrum Protect For Space Management SwPlatformvmware Version >= 8.1.0.0 <= 8.1.4.0
Ibm ≫ Spectrum Protect For Virtual Environments SwPlatformvmware Version >= 7.1.0.0 <= 7.1.8.0
Ibm ≫ Spectrum Protect For Virtual Environments SwPlatformvmware Version >= 8.1.0.0 <= 8.1.4.0
Ibm ≫ Spectrum Protect Snapshot SwPlatformvmware Version >= 4.1.0.0 <= 4.1.6.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.208 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@us.ibm.com | 5.1 | 1.4 | 3.6 |
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-916 Use of Password Hash With Insufficient Computational Effort
The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.