[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability
From:       Security Alert <Security_Alert () emc ! com>
Date:       2013-12-24 15:12:17
Message-ID: 37F0BE0896DB1544B5BEFBE34F79D05330FF81F6 () MX103CL01 ! corp ! emc ! com
[Download RAW message or body]

["ESA-2013-091.txt" (text/plain)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-091: EMC Watch4net Information Disclosure Vulnerability 

EMC Identifier: ESA-2013-091

CVE Identifier: CVE-2013-6181

Severity Rating: CVSS v2 Base Score: CVSS 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)


Affected products:  

•	EMC Watch4Net versions prior to 6.3.


Summary:  

EMC Watch4net stores device passwords in clear text in its installation repository.


Details:  

EMC Watch4Net stores passwords of devices polled during monitoring in clear text in \
Watch4Net installation repository.  This could allow a malicious user with access to \
Watch4Net installation repository to view those passwords.


Resolution:  

The following products contain the resolution to this issue:
•	EMC Watch4net 6.3 or higher
The credentials are stored encrypted in configuration files. 

EMC strongly recommends all customers upgrade at the earliest opportunity to version \
6.3 or higher. 


Link to remedies:

Customers can download software from https://support.emc.com/products/28924_Watch4net \
  


Read and use the information in this EMC Security Advisory to assist in avoiding any \
situation that might arise from the problems described herein. If you have any \
questions regarding this product alert, contact EMC Software Technical Support at \
1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution \
emc218831. EMC recommends all customers take into account both the base score and any \
relevant temporal and environmental scores which may impact the potential severity \
associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories, in order to bring to the \
attention of users of the affected EMC products, important security information. EMC \
recommends that all users determine the applicability of this information to their \
individual situations and take appropriate action. The information set forth herein \
is provided "as is" without warranty of any kind. EMC disclaims all warranties, \
either express or implied, including the warranties of merchantability, fitness for a \
particular purpose, title and non-infringement. In no event, shall EMC or its \
suppliers, be liable for any damages whatsoever including direct, indirect, \
incidental, consequential, loss of business profits or special damages, even if EMC \
or its suppliers have been advised of the possibility of such damages. Some states do \
not allow the exclusion or limitation of liability for consequential or incidental \
damages, so the foregoing limitation may not apply.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Cygwin)

iEYEARECAAYFAlK5ovsACgkQtjd2rKp+ALwzBQCgmuINlRQx1dO7SYfojgeeXoo/
61gAoLhlJlzLzjoqJAowFP4bhF+7wT7c
=xIX1
-----END PGP SIGNATURE-----



[prev in list] [next in list] [prev in thread] [next in thread]