Password Management Flaw in EMC Data Domain OS
CVE-2016-0912

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Emc Data Domain Os
Vendor: CVE Published:; 19 June 2016

Summary

The vulnerability in EMC Data Domain OS versions 5.4 to 5.7 prior to 5.7.2.0 allows remote authenticated users to bypass password-change restrictions. This is achieved by exploiting access to an account with the same role as the target account or by using an account's active session on an unattended workstation, potentially compromising sensitive data and system integrity.

References

http://www.securitytracker.com/id/1036079

vdb-entryx_refsource_SECTRACK

http://seclists.org/bugtraq/2016/Jun/50

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2016
Vulnerability Reserved
Dec 17, 2015