Published: 21/01/2015 Updated: 09/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EMC M&R (aka Watch4Net) prior to 6.5u1 and ViPR SRM prior to 3.6.1 might allow remote malicious users to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
emc watch4net
emc vipr srm

Abstract It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them Affected products EMC reports that the following products are affected by this vulnerabili ...

It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them ...

CWE-200 http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html http://seclists.org/fulldisclosure/2015/Mar/112 https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html http://www.securitytracker.com/id/1031567 http://www.securityfocus.com/bid/72257 http://www.securityfocus.com/archive/1/534923/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/36436/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-0514

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect