DSA-2022-076: Dell EMC Repository Manager Security Update for a Plain-Text Password Storage Vulnerability
Summary: Dell EMC Repository Manager remediation is available for a plain-text password storage vulnerability that could be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
High
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26856 | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-26856 | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | 8.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
Affected Products & Remediation
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-26856 | Dell EMC Repository Manager |
3.4 |
3.4.1 | Link to update |
| CVE(s) Addressed | Product | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2022-26856 | Dell EMC Repository Manager |
3.4 |
3.4.1 | Link to update |
Workarounds & Mitigations
For Dell EMC Repository Manager (DRM) version 3.4, an Admin user can change the database password to a new password as a workaround for CVE-2022-26856. For workaround to be effective, Admin must change the initial database password that was created at installation or update. Dell recommends making this password different from the initial password created for the database.
Revision History
| Revision | Date | Description |
| 1.0 | 2022-04-04 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
Product Security Information, Dell EMC Repository Manager - Current VersionsArticle Properties
Article Number: 000197797
Article Type: Dell Security Advisory
Last Modified: 04 Apr 2022
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.