Plain-Text Password Storage Issue in Dell EMC Repository Manager
CVE-2020-5315

8.8HIGH

Key Information:

Vendor: Dell
Status: Dell Emc Repository Manager (drm)
Vendor: CVE Published:; 19 July 2021

Summary

Dell EMC Repository Manager version 3.2 has a vulnerability that allows sensitive credentials, specifically proxy server user passwords, to be stored in plain text within a local database. This poses significant risks, as a local authenticated attacker with access to the file system can exploit the stored passwords, potentially gaining unauthorized access to systems with the same privileges as the compromised account. Effective security measures should be implemented to avoid risks associated with sensitive data exposure.

Affected Version(s)

Dell EMC Repository Manager (DRM) 3.3

References

https://www.dell.com/support/article/us/en/04/sln319925/d...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 19, 2021
Vulnerability Reserved
Jan 3, 2020