Описание
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
Уязвимые конфигурации
Конфигурация 1Версия до 4.0 (включая)
Одно из
cpe:2.3:a:hp:bluedata_epic:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:ezmeral_container_platform:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00158
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
EPSS
Процентиль: 37%
0.00158
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200