Weak Password Vulnerability in Brocade SANnav Network Management Software
CVE-2020-15382

7.2HIGH

Key Information:

Vendor: Broadcom
Status: Brocade Sannav
Vendor: CVE Published:; 9 June 2021

Summary

Brocade SANnav versions prior to 2.1.1 are affected by a vulnerability that utilizes a hard-coded administrator account with a weak default password of ‘passw0rd’. This occurs when a user does not specify a password for PostgreSQL during installation. Such weak security measures can be exploited, potentially granting unauthorized access to sensitive network configurations. It's crucial for users to upgrade to versions that rectify this flaw and implement robust password policies.

Affected Version(s)

Brocade SANnav Brocade SANnav before version 2.1.1

References

https://www.broadcom.com/support/fibre-channel-networking...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
Jun 29, 2020