CVE-2020-29489
05.01.2021, 22:15
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | emc_unity_operating_environment | 𝑥 < 5.0.4.0.5.012 |
| dell | emc_unity_vsa_operating_environment | 𝑥 < 5.0.4.0.5.012 |
| dell | emc_unity_xt_operating_environment | 𝑥 < 5.0.4.0.5.012 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.