Securityvulns SECURITYVULNS:DOC:31826
Mar 21, 2015

EMC M&R (Watch4net) data storage collector credentials are not properly protected

Han Sahin, November 2014


Abstract

It was discovered that EMC M&R (Watch4net) credentials of remote servers
stored in Watch4net are encrypted using a fixed hardcoded password. If
an attacker manages to obtain a copy of the encrypted credentials, it is
trivial to decrypt them.
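
The following is an added example, not code from the advisory or from EMC. It shows why a copy of a credential store protected by a built-in password is readable by anyone who has the software, and how the same store behaves with a per-installation secret kept outside it. The password value, the toy HMAC-based cipher, the sample credential and all function names are assumptions made for illustration; the advisory does not disclose the real password or algorithm, and the hardened variant is a common mitigation pattern, not a description of EMC's fix.

```python
import hashlib, hmac, os

# Constructed stand-in for a password compiled into the product; the advisory
# does not publish the real value or the cipher that Watch4net used.
HARDCODED_PASSWORD = b"constructed-example-password"

def _keys(secret: bytes, salt: bytes):
    """Derive separate encryption and MAC keys from `secret`."""
    k = hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy HMAC-SHA256 counter-mode keystream (stdlib only, for illustration)."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is salt | nonce | tag | ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(secret, salt)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct

def unseal(secret: bytes, blob: bytes) -> bytes:
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = _keys(secret, salt)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong secret or modified blob")
    return _xor_stream(enc_key, nonce, ct)

def readable_with(secret: bytes, blob: bytes) -> bool:
    """True if a party holding only `secret` can recover the credential."""
    try:
        unseal(secret, blob)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    cred = b"collector-user:constructed-password"  # constructed sample credential
    weak_blob = seal(HARDCODED_PASSWORD, cred)      # same secret on every install
    site_secret = os.urandom(32)                    # per-install, kept outside the store
    hard_blob = seal(site_secret, cred)
    print("weak copy readable:", readable_with(HARDCODED_PASSWORD, weak_blob))
    print("hardened copy readable:", readable_with(HARDCODED_PASSWORD, hard_blob))
```

The per-installation secret only helps if it is stored separately from the encrypted credentials, for example in an OS keystore or a file with restricted permissions.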


Affected products

EMC reports that the following products are affected by this
vulnerability:

  • EMC M&R (Watch4Net) versions prior to 6.5u1
  • EMC ViPR SRM versions prior to 3.6.1

See also

  • CVE-2015-0514
  • ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities

Fix

EMC released the following updated versions that resolve this
vulnerability:

  • EMC M&R (Watch4Net) 6.5u1
  • EMC ViPR SRM 3.6.1

Registered customers can download upgraded software from support.emc.com
at https://support.emc.com/downloads/34247_ViPR-SRM.


Details

https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html