Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fabric_operating_system | Broadcom | * | 7.4.2j (excluding) |
Fabric_operating_system | Broadcom | 8.0.0 (including) | 8.2.3c (excluding) |
Fabric_operating_system | Broadcom | 9.0.0 (including) | 9.0.1e (excluding) |
Fabric_operating_system | Broadcom | 9.1.0 (including) | 9.1.0 (including) |