|
Problem IT22414
|
Status: Closed |
SECURITY: DB2 INSTALL USES WEAK PASSWORD ENCRYPTION
|
| product: |
DB2 FOR LUW / DB2FORLUW / A50 - DB2 |
| Problem description: |
During the DB2 instance creation at silent install time, if the
user
invokes the option to have DB2 to create Unix accounts, the
accounts are created with a saved hashed password that uses the
DES encryption method. The accounts that DB2 install can create
on behalf the user are: DB2 instance, DB2 Administrator Server
(DAS) and Fenced ID. See Security Bulletin for details:
http://www-01.ibm.com/support/docview.wss?uid=swg22012948 |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* All DB2 systems on all Linux, Unix and Windows platforms at *
* service levels Version 10.5 GA through to Version 10.5 Fix *
* Pack 9. *
****************************************************************
* PROBLEM DESCRIPTION: *
* See Error Description *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 Version 10.5 Fix Pack 10 or higher. *
**************************************************************** |
| Local Fix: |
The initial password hash uses a weak encryption which can be
mitigated by changing the password after account creation. |
| Solution |
|
| Workaround |
not known / see Local fix |
| BUG-Tracking |
forerunner : IT22411
follow-up : |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 15.09.2017
11.07.2018
05.12.2018 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
