SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   EMC NetWorker Vendors:   EMC
EMC NetWorker Module for MEDITECH Password Disclosure Flaw Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1031116
SecurityTracker URL:  http://securitytracker.com/id/1031116
CVE Reference:   CVE-2014-4620   (Links to External Site)
Date:  Oct 24 2014
Impact:   Disclosure of authentication information, Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): NetWorker Module for MEDITECH
Description:   A vulnerability was reported in EMC NetWorker Module for MEDITECH. A local user can obtain passwords.

When the EMC NetWorker Module for MEDITECH is used with EMC RecoverPoint, Plink commands write RecoverPoint Appliance login IDs and passwords in clear text in the NMMEDI log files. A local user can obtain these passwords.

Impact:   A local user can obtain RecoverPoint Appliance user IDs and passwords.
Solution:   The vendor has issued a fix (EMC NetWorker Module for MEDITECH 3.0 build 92, 8.2 Build 479 (Windows x64); Advisory ESA-2014-087).
Vendor URL:  www.emc.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (macOS/OS X), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC