Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26199
Reference (s):
- https://www.dell.com/support/kbdoc/000181248
- URL: https://www.dell.com/support/kbdoc/000181248