what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

EMC Elastic Cloud Storage Undocumented Account

EMC Elastic Cloud Storage Undocumented Account
Posted Sep 28, 2017
Site emc.com

ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. A remote malicious user with the knowledge of the default password could potentially login to compromise the affected system.

tags | advisory, remote
advisories | CVE-2017-8021
SHA-256 | 25337f0cf2611f718c36d835f6039844f57b35756a5bcdf2fb0cbd23997d38db

EMC Elastic Cloud Storage Undocumented Account

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability

EMC Identifier: ESA-2017-119
CVE Identifier: CVE-2017-8021
Severity Rating: CVSS Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)

Affected products:
* EMC Elastic Cloud Storage all versions prior to 3.1

Summary:
EMC Elastic Cloud Storage (ECS) is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.

Details:
ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. A remote malicious user with the knowledge of the default password could potentially login to compromise the affected system.

Resolution:
Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers to change the default password at the earliest opportunity.

Link to Remedy:
Customers are requested to contact Customer Support to help change the default password for this account.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr
kPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl
VhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR
/8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax
bkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3
veye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44=
=8t9r
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close