Cryptographic Weakness in IBM Tivoli Key Lifecycle Manager Software
CVE-2021-38979

4.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
15 November 2021

Summary

IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 exhibit a critical cryptographic weakness due to the absence of a salt in the password hashing process. This oversight means that a one-way cryptographic hash, which should provide security for sensitive data, is vulnerable to brute-force attacks and rainbow table attacks. Without proper salting, the resistance against reverse engineering is significantly lowered, exposing users to potential data breaches and unauthorized access.

Affected Version(s)

Security Key Lifecycle Manager 3.0

Security Key Lifecycle Manager 3.0.1

Security Key Lifecycle Manager 4.0

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.