Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/May/61 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/104246 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2018-05-29 17:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-1241
Mitre link : CVE-2018-1241
CVE.ORG link : CVE-2018-1241
JSON object : View
Products Affected
emc
- recoverpoint
- recoverpoint_for_virtual_machines
CWE
CWE-532
Insertion of Sensitive Information into Log File