CVE-2020-7196

Published: Oct 26, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Vendor	Product	Versions
n/a	BlueData EPIC Software; HPE Ezmeral Container Platform	affected `4.0 and earlier` affected `5.0`

References

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04049en_us

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-7196

Description

Affected Products

References