Quantum DXi V1000 SSH Private Key Exposure

2014-03-22T00:00:00
ID 1337DAY-ID-22049
Type zdt
Reporter metasploit
Modified 2014-03-22T00:00:00

Description

Quantum ships a public/private key pair on DXi V1000 2.2.1 appliances that allows passwordless authentication to any other DXi box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.