The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Fabric_operating_system | Broadcom | * | 8.2.3d (excluding) |
| Fabric_operating_system | Broadcom | 9.0.0 (including) | 9.1.1c (excluding) |
While logging all information may be helpful during development stages, it is important that logging levels be set appropriately before a product ships so that sensitive user data and system information are not accidentally exposed to potential attackers. Different log files may be produced and stored for: