Password vulnerability fixed in Dell storage firmware

By

Failed to block brute force attacks.

Various Dell Unity storage array products need a driver patch to take care of an authentication bug in the Unisphere UI.

Password vulnerability fixed in Dell storage firmware

The company’s advisory explains that the systems don’t block excessive authentication attempts.

This gives an attacker the chance to launch brute force attacks against Dell Unity, UnityVSA and Unity XT versions before 5.2.0.0.5.173 and take over accounts with weak passwords.

The bug, designated CVE-2022-29084, has a Common Vulnerability Scoring System (CVSS) score of 8.1.

A second authentication vulnerability included in the advisory, CVE-2022-29085, has a CVSS score of 6.4.

The advisory states that “certain off-array tools” store high-privilege user credentials in plain text.

However, the credentials are only accessible to a local malicious user with high privileges.

The update also includes patches for more than 100 third-party products and libraries dating back to a pair of sqlite3 fixes from 2015, and 14 OpenSSL bugs from this year.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

BoM's seven-year technology transformation cost $866m

BoM's seven-year technology transformation cost $866m

Medibank allegedly missed EDR alerts before data breach

Medibank allegedly missed EDR alerts before data breach

ANZ joins NAB and CBA on ConnectID

ANZ joins NAB and CBA on ConnectID

James Cook University accelerates digital roadmap and cyber uplift

James Cook University accelerates digital roadmap and cyber uplift

Log In

  |  Forgot your password?