Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0645

Overview

Vulnerability Score 4.7 4.7
CVE Id CVE-2014-0645
Last Modified 17 Apr 2014 11:10:45
Published 16 Apr 2014 09:55:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0645

Summary

EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.

Vulnerable Systems

Application

  • Emc Cloud Tiering Appliance Software 10.0

  • Emc Cloud Tiering Appliance Software 9.0

  • Emc File Management Appliance Software 7.0


References

MISC - https://gist.github.com/brandonprry/9895721

FULLDISC - 20140331 EMC CTA v10.0 unauthenticated XXE with root perms

BUGTRAQ - 20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities


Last Updated: 27 May 2016 11:04:57