CVE Vulnerabilities

CVE-2022-29085

Plaintext Storage of a Password

Published: Jun 02, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Weakness

Storing a password in plaintext may result in a system compromise.

Affected Software

Name Vendor Start Version End Version
Unity_operating_environment Dell * 5.2.0.0.5.173 (excluding)
Unity_xt_operating_environment Dell * 5.2.0.0.5.173 (excluding)
Unityvsa_operating_environment Dell * 5.2.0.0.5.173 (excluding)

Potential Mitigations

References