CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29959 – Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save
https://notcve.org/view.php?id=CVE-2024-29959
19 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime contraseñas cifradas del conmutador Brocade Fabric OS en el guardado de soporte del nodo Brocade SANnav Standby. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23243 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29958 – Encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node.
https://notcve.org/view.php?id=CVE-2024-29958
19 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime la clave de cifrado en la consola cuando un usuario privilegiado ejecuta el script para reemplazar el nodo en espera del Portal de admin... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23242 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29957 – Encryption key is stored in the DR log files
https://notcve.org/view.php?id=CVE-2024-29957
19 Apr 2024 — When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. Cuando los servidores Brocade SANnav anteriores a v2.3.1 y v2.3.0a están configurados en modo de recuperación de desastres, la clave de cifrado se almacena en los archivos de registro de recuperación ante desastres. Esto podría proporcionar a los atacantes una rut... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23241 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29955 – Insertion of Sensitive Information into Brocade SANnav Log File
https://notcve.org/view.php?id=CVE-2024-29955
17 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a podría permitir a un usuario privilegiado imprimir la clave cifrada de SANnav en los registros de inicio de PostgreSQL. Esto podría proporcionar a los atacantes una ruta adicional y menos prote... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23239 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29952 – Clear text storage of sensistive information by manipulating command variables
https://notcve.org/view.php?id=CVE-2024-29952
17 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a podría permitir que un usuario autenticado imprima las contraseñas del almacén de claves Auth, Priv y SSL en registros no cifrados manipulando variables de comando. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29951 – Brocade SANnav has weak encryption in internal SSH ports
https://notcve.org/view.php?id=CVE-2024-29951
17 Apr 2024 — Brocade SANnav before v2.3.1 and v2.3.0a uses the SHA-1 hash in internal SSH ports that are not open to remote connection. Brocade SANnav anterior a v2.3.1 y v2.3.0a utiliza el hash SHA-1 en puertos SSH internos que no están abiertos a conexiones remotas. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23237 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28161
https://notcve.org/view.php?id=CVE-2022-28161
09 May 2022 — An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. Una vulnerabilidad de exposición de información a través de archivos de registro en Brocade SANNav versiones anteriores a Brocade SANnav 2.2.0, podría permitir a... • https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1840 • CWE-532: Insertion of Sensitive Information into Log File •