Password vulnerability fixed in Dell storage firmware

By on
Password vulnerability fixed in Dell storage firmware

Failed to block brute force attacks.

Various Dell Unity storage array products need a driver patch to take care of an authentication bug in the Unisphere UI.

The company’s advisory explains that the systems don’t block excessive authentication attempts.

This gives an attacker the chance to launch brute force attacks against Dell Unity, UnityVSA and Unity XT versions before and take over accounts with weak passwords.

The bug, designated CVE-2022-29084, has a Common Vulnerability Scoring System (CVSS) score of 8.1.

A second authentication vulnerability included in the advisory, CVE-2022-29085, has a CVSS score of 6.4.

The advisory states that “certain off-array tools” store high-privilege user credentials in plain text.

However, the credentials are only accessible to a local malicious user with high privileges.

The update also includes patches for more than 100 third-party products and libraries dating back to a pair of sqlite3 fixes from 2015, and 14 OpenSSL bugs from this year.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?