PROBLEM:
EMC Avamar Client for VMware Discloses Server Password to Local Users
PLATFORM:
EMC Avamar Client for VMware 6.1
ABSTRACT:
A vulnerability was reported in EMC Avamar Client for VMware.
REFERENCE LINKS:
SecurityTracker Alert ID: 1027705
Security Focus
CVE-2012-4610
IMPACT ASSESSMENT:
High
DISCUSSION:
The Avamar VMware proxy client stores the Avamar Server root user password in plain text. A local user can obtain the password, and a remote user can then use it to gain root access on the target Avamar server.
IMPACT:
A local user can obtain the target server's root password and gain access to the target server.
SOLUTION:
The vendor has issued a fix (EMC Avamar Client for VMware hotfix 40843).