Vulnerabilities > CVE-2022-28168 - Insecure Storage of Sensitive Information vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.2.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
References
- https://security.netapp.com/advisory/ntap-20220627-0003/
- https://security.netapp.com/advisory/ntap-20220627-0003/
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979