Dell EMC Unity and UnityVSA versions before 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dell emc unityvsa operating environment |
||
dell emc unity operating environment |