CVE-2020-7196

Summary

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Affected Software

VendorProductVersion RangeStatus
n/aBlueData EPIC Software; HPE Ezmeral Container Platform4.0 and earlieraffected
n/aBlueData EPIC Software; HPE Ezmeral Container Platform5.0affected

Weaknesses

  • remote disclosure of privileged information

ADP Enrichment

CVE Program Container

Additional References

References