Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   EMC NetWorker Vendors:   EMC
EMC NetWorker AMQP Flaw Lets Remote Users Monitoring the Network Obtain Passwords
SecurityTracker Alert ID:  1041393
SecurityTracker URL:
CVE Reference:   CVE-2018-11050   (Links to External Site)
Date:  Jul 31 2018
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0, and prior 9.1.x, and prior 9.2.x,
Description:   A vulnerability was reported in EMC NetWorker. A remote user monitoring the network can obtain passwords.

A remote user monitoring the local network collision domain can exploit a flaw in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component to obtain clear text passwords that are sent to the remote AMQP service. The password can be used to access the target component with the privileges of the target user.

Impact:   A remote user monitoring the network can obtain passwords.
Solution:   The vendor has issued a fix (,,; Advisory DSA-2018-120).
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (macOS/OS X), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC