Lack of Salt in IBM Security Guardium 10 and 10.5 Cryptographic Hash Vulnerability

Lack of Salt in IBM Security Guardium 10 and 10.5 Cryptographic Hash Vulnerability

CVE-2017-1268 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743.

Learn more about our Web Application Penetration Testing UK.