Main Vulnerability Database SB2018042451

SB2018042451 - Weak passwords requirements in IBM Tivoli Network Manager IP Edition

Published: April 24, 2018 Updated: July 5, 2023

Security Bulletin ID SB2018042451

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Weak passwords requirements (CVE-ID: CVE-2018-1447)

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. A local attacker can gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/720307