The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the URL “/bdswebui/assignusers/”.
[
  {
    "product": "BlueData EPIC Software; HPE Ezmeral Container Platform",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "4.0 and earlier"
      },
      {
        "status": "affected",
        "version": "5.0"
      }
    ]
  }
]