2 matches found
Plain password is logged in the audit logs while executing update-reports-purge-settings.sh script with Brocade SANnav before 2.4.0a (CVE-2025-12773)
A vulnerability in “update-reports-purge-settings.sh” script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...
CVE-2025-6392 Daily Data Dump Collector logs database password in cleartext when running docker exec commands (CVE-2025-6392)
Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server...