Plaintext Password Storage Vulnerability in Dell EMC Secure Remote Services
CVE-2018-11079

5.5MEDIUM

Key Information:

Vendor

Dell
Status
Esrs Virtual Edition
Vendor
CVE Published:
18 October 2018

What is CVE-2018-11079?

Dell EMC Secure Remote Services prior to version 3.32.00.08 has a vulnerability related to the storage of database credentials in plaintext within a configuration file. This allows an authenticated attacker who has access to the configuration file to retrieve the exposed passwords, potentially granting unauthorized access to the application database. Proper secure password storage practices should be implemented to mitigate this risk.

Affected Version(s)

ESRS Virtual Edition < 3.32.00.08

References

https://seclists.org/fulldisclosure/2018/Oct/35
mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/105694
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041877
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-11079 : Plaintext Password Storage Vulnerability in Dell EMC Secure Remote Services