IBM has been forced to issue a security bulletin after its X-Force ethical hacking team found a serious issue with the company’s own Security Intelligence Platform, QRadar.
IBM QRadar SIEM 7.2 and 7.3 both use hard-coded credentials, which could allow an attacker to bypass the authentication configured by the administrator; an attacker who did so could then access further critical security information.
In CVE-2018-1650, the Common Vulnerabilities and Exposures entry published on Wednesday, the vulnerability was assigned a “medium” CVSS severity score of 5.90 and a “high” confidentiality impact in the event of exploitation.
IBM admitted in a security bulletin posted Wednesday that the security analytics software hub “contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.”
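The bulletin's description is the textbook CWE-798 pattern: a password or key baked into the product, so every installed copy shares it, it cannot be rotated without a patch, and anyone who can read the shipped files can recover it. The following added example (not IBM or QRadar code; every name in it is hypothetical) places a hard-coded inbound-authentication check beside a hardened equivalent that takes the credential from the deployment environment and stores only a salted hash, and finishes with the simple heuristic a defender runs over source and configuration files to catch literal secrets before they ship. The environment variable names SVC_USER and SVC_PASSWORD and the sample configuration text are constructed for the example.

```python
"""Hard-coded credentials (CWE-798): the vulnerable pattern, a hardened
replacement, and a detection heuristic. Added illustration, not product code."""
import hashlib
import hmac
import os
import re
import secrets
from typing import Dict, List, Mapping, Optional, Tuple

# ---- Vulnerable pattern: the secret lives in the code -------------------
# Constructed placeholder value; the point is that it ships with the product.
_BUILTIN_SERVICE_PASSWORD = "example-shipped-secret"


def authenticate_hardcoded(username: str, password: str) -> bool:
    """Inbound authentication that accepts a fixed built-in service account.
    Same value on every installation; configured passwords never enter into it."""
    return username == "svc_internal" and password == _BUILTIN_SERVICE_PASSWORD


# ---- Hardened pattern: per-installation secret, hashed at rest -----------
def derive_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256 so the stored record is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class CredentialStore:
    """Holds per-installation service credentials; nothing secret appears in source."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, int, bytes]] = {}

    def enroll(self, username: str, password: str, iterations: int = 100_000) -> None:
        salt = secrets.token_bytes(16)
        self._records[username] = (salt, iterations, derive_hash(password, salt, iterations))

    @classmethod
    def from_environment(cls, env: Optional[Mapping[str, str]] = None) -> "CredentialStore":
        """Load the service account provisioned at deployment time (hypothetical
        variables SVC_USER / SVC_PASSWORD). Fail closed: no default credential."""
        env = os.environ if env is None else env
        user, password = env.get("SVC_USER"), env.get("SVC_PASSWORD")
        if not user or not password:
            raise RuntimeError("service credential not provisioned; refusing to start with a default")
        store = cls()
        store.enroll(user, password)
        return store

    def verify(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            # Do the same work for unknown users so timing does not reveal valid names.
            derive_hash(password, b"\x00" * 16)
            return False
        salt, iterations, expected = record
        return hmac.compare_digest(derive_hash(password, salt, iterations), expected)


# ---- Detection heuristic: literal assigned to a secret-looking name -------
_SECRET_ASSIGNMENT = re.compile(
    r"""(?i)(password|passwd|pwd|secret|api[_-]?key|token)\s*[=:]\s*["']([^"']{4,})["']"""
)


def find_hardcoded_secrets(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, matched_name) for lines that assign a string literal
    to a name that looks like a credential. Deliberately simple; dedicated
    secret scanners add entropy checks and vendor-specific token formats."""
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(source.splitlines(), start=1):
        match = _SECRET_ASSIGNMENT.search(line)
        if match:
            hits.append((number, match.group(1).lower()))
    return hits


# Constructed sample configuration; none of these values belong to any product.
SAMPLE_CONFIG = """\
# constructed sample config for the example
db_host = "localhost"
api_key = "AKIA-EXAMPLE-NOT-REAL"
password: "hunter2hunter2"
token = os.environ["SVC_TOKEN"]
"""

if __name__ == "__main__":
    print("built-in account accepted:", authenticate_hardcoded("svc_internal", _BUILTIN_SERVICE_PASSWORD))
    store = CredentialStore.from_environment({"SVC_USER": "svc", "SVC_PASSWORD": "per-site-value"})
    print("provisioned account accepted:", store.verify("svc", "per-site-value"))
    print("flagged lines:", find_hardcoded_secrets(SAMPLE_CONFIG))
```

Running the module shows the built-in account accepted unconditionally, the provisioned account accepted only with the per-site value, and the scanner flagging lines 3 and 4 of the sample while leaving the `os.environ` lookup on line 5 alone. The `from_environment` constructor refusing to start without a provisioned credential is the important design choice: a product that falls back to a default when configuration is missing has simply moved the hard-coded secret one layer down.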
QRadar Patched: IBM: Thanks…
The company offered two patches by way of remediation and credited its own X-Force ethical hacking team for the find: attack complexity was high, X-Force noted, but so was the confidentiality impact for a successful attacker.
Etienne Greeff, CTO and co-founder at SecureData, told Computer Business Review: “Now often deploying additional security actually increases the attack surface. In this instance it gives somebody a very convenient place to get to a lot of very useful security information. Security product administration should not just use passwords, passwords will always be a weak link as is shown here.”
He added: “The other question is why a security company would hard code creds; the cynic in me might think this is similar to Juniper leaving credentials for law enforcement…”
IBM describes the offering as a “Security Immune System”. It centrally collects and analyses log and network flow data throughout “even the most highly distributed environments” to provide actionable insights into threats.