V-013: EMC Avamar Client for VMware Discloses Server Password to Local Users

October 31, 2012 - 6:00am

PROBLEM:

EMC Avamar Client for VMware Discloses Server Password to Local Users

PLATFORM:

EMC Avamar Client for VMware 6.1

ABSTRACT:

A vulnerability was reported in EMC Avamar Client for VMware.

REFERENCE LINKS:

SecurityTracker Alert ID: 1027705
Security Focus 
CVE-2012-4610

IMPACT ASSESSMENT:

High

DISCUSSION:

The Avamar VMware proxy client stores the Avamar Server root user password in plain text, so a local user can obtain the target server's root password. With that password, a remote user can then gain root access on the target Avamar server.

IMPACT:

A local user can obtain the target server's root password and gain access to the target server.

SOLUTION:

The vendor has issued a fix (EMC Avamar Client for VMware hotfix 40843). 
 
