CVE-2022-29085
02.06.2022, 21:15
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.Enginsight
| Vendor | Product | Version |
|---|---|---|
| dell | unity_operating_environment | 𝑥 < 5.2.0.0.5.173 |
| dell | unity_xt_operating_environment | 𝑥 < 5.2.0.0.5.173 |
| dell | unityvsa_operating_environment | 𝑥 < 5.2.0.0.5.173 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-256 - Plaintext Storage of a PasswordStoring a password in plaintext may result in a system compromise.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.