Insecure Handling of Kerberos Passwords in HPE BlueData EPIC Software Platform and HPE Ezmeral Container Platform

Insecure Handling of Kerberos Passwords in HPE BlueData EPIC Software Platform and HPE Ezmeral Container Platform

CVE-2020-7196 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Learn more about our Web App Pen Testing.