Vulners
Lucene search
EMC Data Protection Advisor Hardcoded Password Vulnerability
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | EMC Data Protection Advisor Hard Password Password Vulnerability | 18 Sep 201700:00 | – | cnvd |
 | EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass (CVE-2017-8013) | 31 Jan 201800:00 | – | checkpoint_advisories |
 | CVE-2017-8013 | 16 Mar 201820:00 | – | cve |
 | CVE-2017-8013 | 16 Mar 201820:00 | – | cvelist |
 | EMC Data Protection Advisor < 6.4.130 Hardcoded Password Vulnerability | 21 Sep 201700:00 | – | nessus |
 | EUVD-2017-16983 | 7 Oct 202500:30 | – | euvd |
 | CVE-2017-8013 | 16 Mar 201820:29 | – | nvd |
 | CVE-2017-8013 | 16 Mar 201820:29 | – | osv |
 | Hardcoded credentials | 16 Mar 201820:29 | – | prion |
 | EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass Vulnerability | 15 Sep 201700:00 | – | zdi |
10
EMC Data Protection Advisor Hardcoded Password Vulnerability
EMC Identifier: ESA-2017-098
CVE Identifier: CVE-2017-8013
Severity Rating: CVSS v3 Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)
Affected products:
* EMC Data Protection Advisor versions 6.3.x
* EMC Data Protection Advisor versions 6.4.x
Summary:
EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords that could potentially be exploited by malicious users to compromise the affected system.
Details:
EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).
Resolution:
The following EMC Data Protection Advisor release contains resolutions to this vulnerability:
* EMC Data Protection Advisor version 6.4 patch 130
* EMC Data Protection Advisor version 6.3 patch 67
"Apollo System Test" and "emc.dpa.metrics.logon" accounts are no longer required for product functionality and have been removed in versions listed above.
The password for "emc.dpa.agent.logon" account can be now changed via the remediated patches listed above. See release notes for more information.
EMC recommends all customers upgrade at the earliest opportunity.
Link to remedies:
Registered EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor
If you have any questions, contact DELL/EMC Support.
# 0day.today [2018-03-20] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Sep 2017 00:00Current
9.1High risk
Vulners AI Score9.1
EPSS0.01305