Vulnerabilities > CVE-2013-3278 - Credentials Management vulnerability in EMC products

CVSS 4.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

local

low complexity

emc

CWE-255

NVD

Published: 2013-10-01

Updated: 2013-10-02

Summary

EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Geosynchrony *	1
Hardware	Emc EMC Vplex GEO - EMC Vplex Local - EMC Vplex Metro -	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://archives.neohapsis.com/archives/bugtraq/2013-09/0135.html