The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action. IBM X-Force ID: 139972.

Related CVEs

CVE-2018-1447

Key Information

GHSA ID

GHSA-m7f9-w9g7-x6f7

Published

May 13, 2022 1:49 AM

Last Modified

May 13, 2022 1:49 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 5, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.