CVE-2022-28168
https://notcve.org/view.php?id=CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. En Brocade SANnav versiones anteriores a Brocade SANnav versión 2.2.0.2 y Brocade SANnav versión 2.1.1.8, las contraseñas codificadas del servidor scp son almacenadas usando codificación Base64, lo que podría permitir a un atacante capaz de acceder a los archivos de registro descifrar fácilmente las contraseñas • https://security.netapp.com/advisory/ntap-20220627-0003 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2022-28167
https://notcve.org/view.php?id=CVE-2022-28167
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log Brocade SANnav versiones anteriores a Brocade SANvav versión 2.2.0.2 y Brocade SANanv versión 2.1.1.8, registra la contraseña del conmutador Brocade Fabric OS en texto plano en el archivo asyncjobscheduler-manager.log • https://security.netapp.com/advisory/ntap-20220627-0002 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1978 • CWE-522: Insufficiently Protected Credentials •
CVE-2022-28166
https://notcve.org/view.php?id=CVE-2022-28166
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. En Brocade SANnav versiones anteriores a SANN2.2.0.2 y Brocade SANNav versiones anteriores a 2.1.1.8, la implementación del servidor TLS/SSL admite el uso de cifrados de clave estática (ssl-static-key-ciphers) en los puertos 443 y 18082 • https://security.netapp.com/advisory/ntap-20220627-0001 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1977 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-28161
https://notcve.org/view.php?id=CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. Una vulnerabilidad de exposición de información a través de archivos de registro en Brocade SANNav versiones anteriores a Brocade SANnav 2.2.0, podría permitir a un atacante local autenticado visualizar información confidencial como las contraseñas ssh en filetansfer.log en modo de depuración. Para explotar esta vulnerabilidad, el atacante necesitaría tener credenciales de usuario válidas y habilitar el modo de depuración • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1840 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-28162
https://notcve.org/view.php?id=CVE-2022-28162
Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. Brocade SANnav versiones hasta SANnav 2.2.0, registra el token de autenticación de la API REST en texto plano • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1841 • CWE-312: Cleartext Storage of Sensitive Information •