CVE Vulnerabilities

CVE-2020-5315

Plaintext Storage of a Password

Published: Jul 19, 2021 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user.

Weakness

Storing a password in plaintext may result in a system compromise.

Affected Software

Name Vendor Start Version End Version
Emc_repository_manager Dell * 3.2 (including)

Potential Mitigations

References