Cryptographic Weakness in IBM Tivoli Key Lifecycle Manager Software
CVE-2021-38979
4.4MEDIUM
Summary
IBM Tivoli Key Lifecycle Manager versions 3.0, 3.0.1, 4.0, and 4.1 exhibit a critical cryptographic weakness due to the absence of a salt in the password hashing process. This oversight means that a one-way cryptographic hash, which should provide security for sensitive data, is vulnerable to brute-force attacks and rainbow table attacks. Without proper salting, the resistance against reverse engineering is significantly lowered, exposing users to potential data breaches and unauthorized access.
Affected Version(s)
Security Key Lifecycle Manager 3.0
Security Key Lifecycle Manager 3.0.1
Security Key Lifecycle Manager 4.0
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved