Jun 17, 2018 - 5:03 a.m.

Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server uses an insecure hashing scheme for handling user passwords (CVE-2015-1913)

www.ibm.com

EPSS: 0.003 (Low), Percentile: 67.8%

Summary

The Rational Test Control Panel component stores MD5 hashes of user passwords, a scheme that has now proven to be insecure.

Vulnerability Details

CVE ID: CVE-2015-1913

Description: Rational Test Control Panel generates and stores an MD5 hash of users’ passwords. The MD5 hash is persisted and used to authenticate the user the next time he/she logs into the server. The MD5 hash algorithm is understood to be vulnerable to an attack.

CVSS Base Score: 5

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101855> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
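
The stored-hash scheme described above, next to a salted PBKDF2 replacement with upgrade-on-login, as an added example that is not IBM's code and not the content of the fixpacks. The record format, function names, user names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def legacy_md5_record(password: str) -> str:
    """Scheme from the bulletin: a bare MD5 digest, no salt, no work factor."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password: str) -> str:
    """Replacement record: per-user random salt plus an iterated KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a password against either record type, in constant time."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, rest)
    if scheme == "pbkdf2_sha256":
        iters, salt_hex, dk_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return False  # unknown scheme: fail closed

def login(store: dict, user: str, password: str) -> bool:
    """Authenticate, then replace a legacy MD5 record after a good login."""
    record = store.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("pbkdf2_sha256$"):
        store[user] = pbkdf2_record(password)  # MD5 record is overwritten
    return True

if __name__ == "__main__":
    # Constructed sample store: two users who chose the same password.
    store = {u: legacy_md5_record("correct horse") for u in ("alice", "bob")}
    print("identical MD5 records:", store["alice"] == store["bob"])
    login(store, "alice", "correct horse")
    login(store, "bob", "correct horse")
    print("identical after upgrade:", store["alice"] == store["bob"])
```

Accounts that never log in again keep their MD5 record, so a migration of this kind still needs a forced reset or expiry for dormant users.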

Affected Products and Versions

Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server versions:

  • 8.0.0.x
  • 8.0.1.x
  • 8.5.0.x
  • 8.5.1.x
  • 8.6.0.x
  • 8.7.0.x

Remediation/Fixes

The fixes for the CVE(s) mentioned above have been incorporated into the latest fixpacks available from IBM.

Upgrade your installation as follows:

Visit IBM Fix Central to search for, download and apply the following fixpacks for your version of the product:

  • All 8.0.0.x -> 8.0.0.5
  • All 8.0.1.x -> 8.0.1.6
  • All 8.5.0.x -> 8.5.0.4
  • All 8.5.1.x -> 8.5.1.5
  • All 8.6.0.x -> 8.6.0.4
  • All 8.7.0.x -> 8.7.0.2

Workarounds and Mitigations

None
