CVE-2014-0645

2014-04-1701:55:00

CWE-255

[email protected]

web.nvd.nist.gov

emc

cta

fma

password hashes

brute-force attack

cve-2014-0645

security vulnerability

6.2 Medium

AI Score

Confidence

Low

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

42.8%

JSON

EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.

CPENameOperatorVersion
emc:cloud_tiering_appliance_softwareemc cloud tiering appliance softwareeq9.0
emc:cloud_tiering_appliance_softwareemc cloud tiering appliance softwareeq10.0
emc:cloud_tiering_applianceemc cloud tiering applianceeq-
emc:file_management_appliance_softwareemc file management appliance softwareeq7.0
emc:file_management_applianceemc file management applianceeq-

CPE	Name	Operator	Version
emc:cloud_tiering_appliance_software	emc cloud tiering appliance software	eq	9.0
emc:cloud_tiering_appliance_software	emc cloud tiering appliance software	eq	10.0
emc:cloud_tiering_appliance	emc cloud tiering appliance	eq	-
emc:file_management_appliance_software	emc file management appliance software	eq	7.0
emc:file_management_appliance	emc file management appliance	eq	-