Use of hardcoded password in EMC Data Protection Advisor - CVE-2017-8013
Published: September 16, 2017 / Updated: September 19, 2017
Vulnerability identifier: #VU8491
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8013
CWE-ID: CWE-259
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
EMC Data Protection Advisor
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication to the target system.
The weakness exists in the EMC DPA Application service due to the use of hard-coded passwords for undocumented accounts, including administrative accounts. A remote attacker can use REST APIs to bypass authentication in the context of the Administrator and gain unauthorized access to the system.
How to mitigate CVE-2017-8013
Install the update (6.3 patch 67, 6.4 patch 130) from the vendor's website.