PT-2025-1390 · IBM · IBM Security Verify Governance

Published 2025-01-29 · Updated 2025-01-29 · CVE-2023-33838

CVSS v3.1: 4.9 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Security Verify Governance 10.0.2 Identity Manager

Description

The issue arises because the product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but it does not also use a salt as part of the input. This lack of salting in the hashing process could potentially make the hashed passwords more susceptible to certain types of attacks.

Recommendations

For IBM Security Verify Governance 10.0.2 Identity Manager, consider implementing an additional security measure such as salting the input to the one-way cryptographic hash to enhance password security until a patch is available. As a temporary workaround, review and enhance the overall password storage and verification process to minimize potential risks.
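The difference between an unsalted and a salted password store, as an added example that is not IBM's code: the advisory does not name the hash algorithm, so SHA-256 for the weak case, PBKDF2-HMAC-SHA256 with 600,000 iterations for the salted case, the record format and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_LEN = 16         # bytes of per-account random salt


def unsalted_hash(password: str) -> str:
    """Weak pattern from the description: the digest depends only on the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def shared_digests(store: dict[str, str]) -> list[list[str]]:
    """Audit check: group accounts whose stored values are byte-for-byte identical."""
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def salted_record(password: str) -> str:
    """Hardened pattern: fresh random salt per account, stored next to the derived key."""
    salt = os.urandom(SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Constructed sample accounts; alice and bob chose the same password.
SAMPLE = {"alice": "Winter2025!", "bob": "Winter2025!", "carol": "t7#Lq-vane"}

if __name__ == "__main__":
    weak = {u: unsalted_hash(p) for u, p in SAMPLE.items()}
    strong = {u: salted_record(p) for u, p in SAMPLE.items()}
    print("unsalted, accounts sharing a digest:", shared_digests(weak))
    print("salted, accounts sharing a record:", shared_digests(strong))
    print("alice verifies:", verify(SAMPLE["alice"], strong["alice"]))
```

Running `shared_digests` over an existing credential table is a quick way to confirm whether stored values were produced without a per-account salt.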

Related Identifiers

CVE-2023-33838

Affected Products

IBM Security Verify Governance