Vulnerabilities > CVE-2014-0645 - Credentials Management vulnerability in EMC products
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 | |
Hardware | 2 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
description | Bugtraq ID:66937 CVE ID:CVE-2014-0645 EMC Cloud Tiering Appliance能够协助存储管理人员有效简单的管理以档案为单位的非结构性数据。 EMC Cloud Tiering Appliance把root, super, admin内置账户的默认密码使用DES加密算法存储,允许攻击者利用漏洞可恢复这些密码。 0 EMC Cloud Tiering Appliance (CTA) 10 EMC Cloud Tiering Appliance (CTA) 10 SP1 EMC Cloud Tiering Appliance (CTA) 9.x EMC File Management Appliance (FMA) 7.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: 10.0: https://download.emc.com/downloads/DL53068_CTA-10.0-Hot-Fix-for-ESA-2014-028.zip 10.0 SP1: https://download.emc.com/downloads/DL53069_CTA-10.0-SP1-Hot-Fix-for-ESA-2014-028.zip |
id | SSV:62247 |
last seen | 2017-11-19 |
modified | 2014-04-21 |
published | 2014-04-21 |
reporter | Root |
title | EMC Cloud Tiering Appliance (CTA)本地信息泄漏漏洞 |