IBM Security Bulletin: Weaker than expected security in WebSphere Application Server (CVE-2017-1504)

WebSphere Application Server traditional 9.0.0.4 added a new feature: running the PasswordUtil command to enable AES password encryption. If you used this feature, you may have weaker than expected security, because some passwords were not encrypted as you might have expected. If you did not use this new feature, you are not affected by this vulnerability. Passwords that use the default XOR encoding, and passwords that use custom encryption, are not affected.

CVE(s): CVE-2017-1504

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0.0.4 – if you used the PasswordUtil command to enable AES password encryption.
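The practical question this bulletin raises is how to tell which stored passwords were actually converted to AES and which were left behind. The following audit script is an added example, not IBM's code and not part of the bulletin: it scans configuration text (or a whole profile config directory) for `password=` values, reports every entry whose scheme prefix is not the one you expect, and includes a decoder for the default `{xor}` form to show why a leftover `{xor}` value is only obfuscated, not encrypted. The `{aes}` prefix for AES-encrypted values, the file extensions scanned, and the sample configuration lines are assumptions made for illustration; the `{aes}` body in the sample is a placeholder, not real ciphertext.

```python
"""Audit WebSphere configuration files for password values that are still
{xor}-encoded after AES password encryption was expected to be enabled.
Added example; not IBM code. Prefixes and file names are assumptions."""
import base64
import re
from pathlib import Path
from typing import List, Tuple

# WebSphere's default "{xor}" encoding is base64 over each byte XOR 0x5F ('_').
# It is reversible by anyone who can read the file, which is why a password
# left in this form is "weaker than expected" once AES was supposed to be on.
XOR_KEY = 0x5F

# Matches password="{scheme}value" in XML attributes and password={scheme}value
# in properties files. Also catches attributes such as keyStorePassword=.
# The "{aes}" prefix for AES-encrypted values is an assumption for illustration.
PASSWORD_RE = re.compile(
    r'password\s*=\s*"?\{(?P<scheme>[A-Za-z0-9]+)\}(?P<body>[^"\s<>]*)',
    re.IGNORECASE,
)


def xor_decode(value: str) -> str:
    """Reverse the {xor} encoding; accepts the value with or without its prefix."""
    body = value[len("{xor}"):] if value.startswith("{xor}") else value
    return bytes(b ^ XOR_KEY for b in base64.b64decode(body)).decode("utf-8")


def xor_encode(plain: str) -> str:
    """Produce a {xor} value, for round-trip checks against known samples."""
    obfuscated = bytes(b ^ XOR_KEY for b in plain.encode("utf-8"))
    return "{xor}" + base64.b64encode(obfuscated).decode("ascii")


def find_passwords(text: str) -> List[Tuple[str, str]]:
    """Return (scheme, body) for every prefixed password value in the text."""
    return [(m.group("scheme").lower(), m.group("body"))
            for m in PASSWORD_RE.finditer(text)]


def audit_text(text: str, expected_scheme: str = "aes") -> List[Tuple[str, str]]:
    """Return the (scheme, body) pairs that do NOT use the expected scheme."""
    return [(s, b) for s, b in find_passwords(text) if s != expected_scheme]


def audit_profile(config_dir: Path, expected_scheme: str = "aes") -> List[Tuple[str, str, str]]:
    """Walk a profile config directory (assumed layout) and collect findings."""
    findings = []
    for path in sorted(config_dir.rglob("*")):
        if path.is_file() and path.suffix.lower() in (".xml", ".props", ".properties"):
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend((str(path), s, b) for s, b in audit_text(text, expected_scheme))
    return findings


# Constructed sample resembling authDataEntries in security.xml; not from a real
# profile. "{xor}Lz4sLCgwLTs=" is the well-known encoding of "password".
SAMPLE_CONFIG = """\
<authDataEntries xmi:id="JAASAuthData_1" alias="dbAlias" userId="dbuser" password="{aes}AAAAAAAAAAAAAAAAAAAAAA=="/>
<authDataEntries xmi:id="JAASAuthData_2" alias="ldapBind" userId="cn=bind" password="{xor}Lz4sLCgwLTs="/>
"""

if __name__ == "__main__":
    for scheme, body in audit_text(SAMPLE_CONFIG):
        shown = xor_decode(body) if scheme == "xor" else "<not xor>"
        print(f"unexpected scheme {{{scheme}}}: {body} -> {shown}")
```

Run `audit_profile(Path("/path/to/profile/config"))` against a copy of the profile after enabling AES; any `{xor}` entry it returns is a password that did not get the encryption you expected and should be re-encoded once the fix from the source bulletin is applied.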

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hnqspf
X-Force Database: http://ift.tt/2f8z9mx

from IBM Product Security Incident Response Team http://ift.tt/2hnHYtr