HackDig : Dig high-quality web security articles for hacker

ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability

2017-09-27 05:40
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability

EMC Identifier: ESA-2017-119
CVE Identifier: CVE-2017-8021
Severity Rating: CVSS Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)

Affected products:
* EMC Elastic Cloud Storage all versions prior to 3.1

Summary:
EMC Elastic Cloud Storage (ECS) is affected by an undocumented account vulnerability that could potentially be
leveraged by malicious users to compromise the affected system.

Details:
ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This
user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. A remote
malicious user with the knowledge of the default password could potentially login to compromise the affected system.

Resolution:
Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers
to change the default password at the earliest opportunity.

Link to Remedy:
Customers are requested to contact Customer Support to help change the default password for this account.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr
kPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl
VhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR
/8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax
bkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3
veye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44=
=8t9r
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: 47/peS/7102/erusolcsidlluf/gro.stsilces

Read:1606 | Comments:0 | Tags: Cloud Vulnerability

“ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud