CVE-2016-3034

Description

IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily.

Affected products

• IBM Corporation / AppScan Source7.0 – 7.0
• IBM Corporation / AppScan Source8.0 – 8.0
• IBM Corporation / AppScan Source8.0.0.1 – 8.0.0.1
• IBM Corporation / AppScan Source8.0.0.2 – 8.0.0.2
• IBM Corporation / AppScan Source8.5 – 8.5
• IBM Corporation / AppScan Source8.5.0.1 – 8.5.0.1
• IBM Corporation / AppScan Source8.6 – 8.6
• IBM Corporation / AppScan Source8.7 – 8.7
• IBM Corporation / AppScan Source8.8 – 8.8
• IBM Corporation / AppScan Source9.0 – 9.0
• IBM Corporation / AppScan Source9.0.1 – 9.0.1
• IBM Corporation / AppScan Source8.6.0.2 – 8.6.0.2
• IBM Corporation / AppScan Source8.6.0.1 – 8.6.0.1
• IBM Corporation / AppScan Source8.7.0.1 – 8.7.0.1
• IBM Corporation / AppScan Source9.0.0.1 – 9.0.0.1
• IBM Corporation / AppScan Source9.0.2 – 9.0.2
• IBM Corporation / AppScan Source9.0.3.2 – 9.0.3.2
• IBM Corporation / AppScan Source9.0.3 – 9.0.3
• IBM Corporation / AppScan Source9.0.3.1 – 9.0.3.1
• IBM Corporation / AppScan Source9.0.3.3 – 9.0.3.3
• IBM Corporation / AppScan Source9.0.3.4 – 9.0.3.4
• IBM Corporation / AppScan Source9.0.3.5 – 9.0.3.5

References

• MISChttp://www.ibm.com/support/docview.wss?uid=swg21995903
• MISChttp://www.securityfocus.com/bid/95195