CVE-2018-1447

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect versions 7.1 through 7.2 IBM Spectrum Protect Snapshot versions 4.1.3, 4.1.4, 4.1.6

Description The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. This weakness may allow a weak password to be recovered.

Recommendations For IBM Spectrum Protect versions 7.1 and 7.2, update to a newer version and change passwords to ensure they are stored more securely. For IBM Spectrum Protect Snapshot versions 4.1.3, 4.1.4, and 4.1.6, update to a newer version and change passwords to ensure they are stored more securely.