First published: Thu Dec 17 2020(Updated: )
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC Unity Operating Environment | <5.0.4.0.5.012 | |
Dell Emc Unity Vsa Operating Environment | <5.0.4.0.5.012 | |
Dell Emc Unity Xt Operating Environment | <5.0.4.0.5.012 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Dell EMC Unity vulnerability is CVE-2020-26199.
CVE-2020-26199 has a severity rating of 6.7 (Medium).
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 are affected by CVE-2020-26199.
CVE-2020-26199 exposes user credentials, including the Unisphere admin privilege user password, in plain text in multiple log files.
Yes, Dell has released a fix for CVE-2020-26199. It is recommended to upgrade to Unity, Unity XT, and UnityVSA versions 5.0.4.0.5.012 or later.