Quantum DXi V1000 SSH Private Key Exposure

ID 1337DAY-ID-22049
Type zdt
Reporter metasploit
Modified 2014-03-22T00:00:00


Quantum ships a public/private key pair on DXi V1000 2.2.1 appliances that allows passwordless authentication to any other DXi box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.