Design/Logic Flaw

2020-10-2616:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.4%

JSON

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url “/bdswebui/assignusers/”.

CPENameOperatorVersion
bluedata_epicle4.0
ezmeral_container_platformeq5.0

CPE	Name	Operator	Version
	bluedata_epic	le	4.0
	ezmeral_container_platform	eq	5.0

References

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04049en_us