IBM Issues Patches For Its Verification Gateway
The tech giant has been at the forefront of many enterprise technologies, such as servers, cloud services and security services. Now one of its security products, IBM Verify Gateway (IVG), has been found to contain a critical vulnerability that could let attackers gain access to a target's device on the network by brute-forcing credentials.

In a brute-force attack, an attacker holding a set of usernames and passwords tries every combination until one is accepted. The list of usernames and passwords can be obtained beforehand by some other route, such as buying data from a breach on dark web forums. The list is fed into attack software that hits the authentication system continuously until it finds the right combination. For this reason, makers of authentication portals usually limit the number of times wrong credentials can be entered, as a standard security practice. IBM's Verify Gateway didn't have such a limit, which could let an attacker break in with a brute-force attack.

To prevent this, IBM has today released security advisories with patches to apply. The advisory covering versions 1.0.0 and 1.0.1 of the Verify Gateway carries a CVSS severity score of 7.5, and the flaw is caused by “an account lockout mechanism deemed ‘inadequate’ which does not prevent multiple access attempts”. The patches are released as v1.0.1 of IVG for RADIUS and AIX PAM, v1.0.2 of IVG for Linux PAM, and IVG for Windows Login. IBM has also added advisories for other vulnerabilities, such as CVE-2020-4369 and CVE-2020-4372, and recommends that users apply the patches immediately.
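The limit on wrong credentials described above can be sketched as a per-account lockout check. This is an added example, not IBM's code or anything taken from the advisories; the class and function names are hypothetical, and the threshold, window and lock duration are assumed values.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    max_failures: int = 5      # assumed: failures allowed inside the window
    window: float = 300.0      # assumed: seconds over which failures are counted
    lock_for: float = 900.0    # assumed: seconds the account stays locked
    _failures: dict = field(default_factory=dict, init=False)      # user -> timestamps
    _locked_until: dict = field(default_factory=dict, init=False)  # user -> unlock time

    def is_locked(self, user, now):
        return now < self._locked_until.get(user, 0.0)

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(user, now):
            return "locked"    # rejected before the credentials are evaluated
        if password_ok:
            self._failures.pop(user, None)   # a success clears the counter
            return "ok"
        # Keep only failures that are still inside the counting window.
        recent = [t for t in self._failures.get(user, []) if now - t < self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lock_for
            self._failures.pop(user, None)
        return "denied"

def replay(policy, user, real_password, candidates, step=1.0):
    """Replay login attempts; return (passwords actually evaluated, logged in?)."""
    evaluated, now = 0, 0.0
    for cand in candidates:
        result = policy.attempt(user, cand == real_password, now)
        if result != "locked":
            evaluated += 1
        if result == "ok":
            return evaluated, True
        now += step
    return evaluated, False

# Constructed sample: 20 placeholder guesses, the valid one in position 12.
CANDIDATES = [f"guess-{i:02d}" for i in range(20)]
REAL = "guess-11"

if __name__ == "__main__":
    print("with lockout:   ", replay(LockoutPolicy(), "alice", REAL, CANDIDATES))
    print("without lockout:", replay(LockoutPolicy(max_failures=10**9), "alice", REAL, CANDIDATES))
```

With the lockout in place only the first five guesses are ever compared against the stored password; with the limit effectively disabled, the twelfth guess logs in.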