IBM has been forced to issue a security bulletin after its X-Force ethical hacking team found a serious issue with the company’s own Security Intelligence Platform, QRadar.
IBM QRadar SIEM 7.2 and 7.3 both use hard-coded credentials that could allow an attacker to bypass the authentication configured by the administrator; a successful attacker could then use that access to reach further critical security information held by the platform.
The vulnerability, tracked as CVE-2018-1650 (Common Vulnerabilities and Exposures) and published on Wednesday, was assigned a “medium” CVSS severity score of 5.90 and a “high” confidentiality impact in the event of exploitation.
IBM admitted in a security bulletin posted Wednesday that the security analytics software hub “contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.”
The company offered two patches by way of remediation and credited its own X-Force ethical hacking team for the find. X-Force noted that attack complexity was high, but so was the confidentiality impact for a successful attacker.
Etienne Greeff, CTO and co-founder at SecureData, told Computer Business Review: “Now, often, deploying additional security actually increases the attack surface. In this instance it gives somebody a very convenient place to get to a lot of very useful security information. Security product administration should not just use passwords; passwords will always be a weak link, as is shown here.”
He added: “The other question is why a security company would hard code creds; the cynic in me might think this is similar to Juniper leaving credentials for law enforcement…”
IBM describes the offering as a “Security Immune System”. It centrally collects and analyses log and network flow data throughout “even the most highly distributed environments” to provide actionable insights into threats.
The “solution automatically sorts through millions to billions of events per day to detect anomalous and malicious activities, identify and group related events, and generate prioritized alerts to only the most critical threats.”