Cryptographic Weakness in IBM Security Verify Governance Identity Manager
CVE-2023-33838

4.9MEDIUM

Key Information:

Vendor: IBM
Status: Security Verify Governance
Vendor: CVE Published:; 29 January 2025

What is CVE-2023-33838?

IBM Security Verify Governance, specifically version 10.0.2, is affected by a vulnerability due to the use of a one-way cryptographic hash for sensitive data, such as passwords, without incorporating a salt. This oversight reduces the effectiveness of the hashing mechanism, potentially exposing user credentials to reversible attacks. Proper cryptographic practices mandate the use of salts in conjunction with hashes to enhance security, and the absence of this can lead to increased risks for password-related exploits.

Affected Version(s)

Security Verify Governance 10.0.2

References

https://www.ibm.com/support/pages/node/7172200

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2025
Vulnerability Reserved
May 23, 2023