Unobfuscated Password Exposure in Brocade Fabric OS CLI

Unobfuscated Password Exposure in Brocade Fabric OS CLI

CVE-2020-15369 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.

Learn more about our Cis Benchmark Audit For Server Software.