Vigil@nce - EMC Unisphere for VMAX: password disclosure
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A physical attacker can look the EMC Unisphere for VMAX console,
in order to obtain the LDAP password.
Impacted products: Unisphere EMC
Severity: 1/4
Creation date: 30/10/2013
DESCRIPTION OF THE VULNERABILITY
The EMC Unisphere for VMAX product can be configured to use LDAP.
However, when the administrator enables the LDAP debugging, the
LDAP Bind password is displayed in clear text on the console.
A physical attacker can therefore look the EMC Unisphere for VMAX
console, in order to obtain the LDAP password.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/EMC-Unisphere-for-VMAX-password-disclosure-13672