Han Sahin, November 2014
It was discovered that EMC M&R (Watch4net) credentials of remote servers
stored in Watch4net are encrypted using a fixed hardcoded password. If
an attacker manages to obtain a copy of the encrypted credentials, it is
trivial to decrypt them.
EMC reports that the following products are affected by this
vulnerability:
EMC released the following updated versions that resolve this
vulnerability:
Registered customers can download upgraded software from support.emc.com
at https://support.emc.com/downloads/34247_ViPR-SRM.