Primary

Context

IBM Security Verify Governance Cryptographic Hash Vulnerability in Identity Manager

Vulnerability

Patched

A vulnerability exists in IBM Security Verify Governance 10.0.2 Identity Manager, where a one-way cryptographic hash is applied to inputs like passwords without the use of a salt. This omission can make the hashing process reversible, potentially allowing for the original input to be retrieved.

Impact

The lack of salting in the hashing process could lead to vulnerabilities such as rainbow table attacks, where an attacker precomputes hash values to reverse-engineer hashed inputs like passwords.

Remediation

Users are advised to update to version 10.0.2.0-ISS-ISVG-IGVA-FP0004, available through the IBM Support Fix Central.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Security Verify Governance Cryptographic Hash Vulnerability in Identity Manager

Vulnerability

Impact

Remediation

Affected Products

IBM Security Verify Governance

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating