CVE-2023-33838
29.01.2025, 02:15
IBM Security Verify Governance 10.0.2 Identity Manager uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.Enginsight
| Vendor | Product | Version |
|---|---|---|
| ibm | security_verify_governance | 10.0.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-759 - Use of a One-Way Hash without a SaltThe software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input.
- CWE-916 - Use of Password Hash With Insufficient Computational EffortThe software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.