CVE-2020-26199

Published: Jan 5, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.

Affected (3)

Products: Dell: Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment

Dell

3 products

Emc Unity Operating Environment

Emc Unity Vsa Operating Environment

Emc Unity Xt Operating Environment

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Unity Operating Environment	Before 5.0.4.0.5.012
Dell Emc Unity Vsa Operating Environment	Before 5.0.4.0.5.012
Dell Emc Unity Xt Operating Environment	Before 5.0.4.0.5.012

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (2)

https://www.dell.com/support/kbdoc/000181248

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000181248

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.