Vulnerabilities > CVE-2014-0645 - Credentials Management vulnerability in EMC products

047910
CVSS 4.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE

Summary

EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionBugtraq ID:66937 CVE ID:CVE-2014-0645 EMC Cloud Tiering Appliance能够协助存储管理人员有效简单的管理以档案为单位的非结构性数据。 EMC Cloud Tiering Appliance把root, super, admin内置账户的默认密码使用DES加密算法存储,允许攻击者利用漏洞可恢复这些密码。 0 EMC Cloud Tiering Appliance (CTA) 10 EMC Cloud Tiering Appliance (CTA) 10 SP1 EMC Cloud Tiering Appliance (CTA) 9.x EMC File Management Appliance (FMA) 7.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: 10.0: https://download.emc.com/downloads/DL53068_CTA-10.0-Hot-Fix-for-ESA-2014-028.zip 10.0 SP1: https://download.emc.com/downloads/DL53069_CTA-10.0-SP1-Hot-Fix-for-ESA-2014-028.zip
idSSV:62247
last seen2017-11-19
modified2014-04-21
published2014-04-21
reporterRoot
titleEMC Cloud Tiering Appliance (CTA)本地信息泄漏漏洞