Main Vulnerability Database Vulnerabilities #VU76583

Cleartext storage of sensitive information in PowerPath Windows - CVE-2023-32448

Published: May 26, 2023

Vulnerability identifier: #VU76583

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-32448

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
PowerPath Windows

Software vendor:
Dell

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the application stores its license key stored locally in clear text. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.

Remediation

Install updates from vendor's website.

External links

https://www.dell.com/support/kbdoc/nl-nl/000214248/dsa-2023-154-powerpath-windows-security-update-for-security-update-for-multiple-vulnerabilities

Cleartext storage of sensitive information in PowerPath Windows - CVE-2023-32448

Description

Remediation

External links

Please verify you're human