Plain-Text Password Storage Vulnerability in Dell EMC PowerStore
CVE-2020-29500

7.5HIGH

Key Information:

Vendor: Dell
Status: Powerstore
Vendor: CVE Published:; 5 January 2021

Summary

The Dell EMC PowerStore software has a vulnerability that allows locally authenticated attackers to access sensitive user credentials stored in plain text. This flaw can be exploited by an attacker to gain unauthorized access to the affected application, utilizing the compromised account's privileges. The issue is present in versions prior to 1.0.3.0.5.007, highlighting the importance of updating the system to mitigate potential exploitation risks.

Affected Version(s)

PowerStore < unspecified

References

https://www.dell.com/support/kbdoc/000180775

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 5, 2021
Vulnerability Reserved
Dec 3, 2020