PT-2023-13405 · Dell · Dell Powerscale Onefs
Published: 2023-02-10 · Updated: 2023-07-21 · CVE-2022-34445
CVSS v3.1: 6.0 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dell PowerScale OneFS versions 8.2.x through 9.3.x
Description
The issue concerns a weak encoding for a password in Dell PowerScale OneFS. A malicious local privileged attacker may potentially exploit this, leading to information disclosure.
Recommendations
For Dell PowerScale OneFS versions 8.2.x through 9.3.x, consider restricting access to sensitive information and limiting privileged user accounts until a fix is available.
As a temporary workaround, restrict the use of the affected password encoding mechanism to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Affected Products
Dell Powerscale Onefs