December 6, 2018

IBM White Hats Helpfully Catch Security Howler in… IBM’s Own Security Hub

Security tool had hard-coded credentials

By CBR Staff Writer

IBM has been forced to issue a security bulletin after its X-Force ethical hacking team found a serious issue with the company’s own Security Intelligence Platform, QRadar.

IBM QRadar SIEM 7.2 and 7.3 both use hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator: a successful attacker could use this to access further critical security information.

In the entry for CVE-2018-1650 (Common Vulnerabilities and Exposures), published on Wednesday, the vulnerability was assigned a “medium” CVSS severity score of 5.90 and ascribed a “high” confidentiality impact in the event of exploitation.

IBM admitted in a security bulletin posted Wednesday that the security analytics software hub “contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.”

QRadar Patched: IBM: Thanks…

The company offered two patches by way of remediation and credited its own X-Force ethical hacking team for the find. X-Force noted that attack complexity was high, but that the confidentiality impact for a successful attacker would be high too.

Etienne Greeff, CTO and co-founder at SecureData, told Computer Business Review: “Now often deploying additional security actually increases the attack surface. In this instance it gives somebody a very convenient place to get to a lot of very useful security information. Security product administration should not just use passwords, passwords will always be a weak link as is shown here.”

He added: “The other question is why a security company would hard code creds; the cynic in me might think this is similar to Juniper leaving credentials for law enforcement…”


IBM describes the offering as a “Security Immune System”. It centrally collects and analyses log and network flow data throughout “even the most highly distributed environments” to provide actionable insights into threats.

The “solution automatically sorts through millions to billions of events per day to detect anomalous and malicious activities, identify and group related events, and generate prioritized alerts to only the most critical threats.”
