Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/May/61 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/104246 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2018/May/61 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/104246 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2018/May/61 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/104246 - Third Party Advisory, VDB Entry |
Information
Published : 2018-05-29 17:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1241
Mitre link : CVE-2018-1241
CVE.ORG link : CVE-2018-1241
JSON object : View
Products Affected
emc
- recoverpoint
- recoverpoint_for_virtual_machines
CWE
CWE-532
Insertion of Sensitive Information into Log File