CVE-2022-28168
https://notcve.org/view.php?id=CVE-2022-28168
In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. En Brocade SANnav versiones anteriores a Brocade SANnav versión 2.2.0.2 y Brocade SANnav versión 2.1.1.8, las contraseñas codificadas del servidor scp son almacenadas usando codificación Base64, lo que podría permitir a un atacante capaz de acceder a los archivos de registro descifrar fácilmente las contraseñas • https://security.netapp.com/advisory/ntap-20220627-0003 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1979 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2022-28167
https://notcve.org/view.php?id=CVE-2022-28167
Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log Brocade SANnav versiones anteriores a Brocade SANvav versión 2.2.0.2 y Brocade SANanv versión 2.1.1.8, registra la contraseña del conmutador Brocade Fabric OS en texto plano en el archivo asyncjobscheduler-manager.log • https://security.netapp.com/advisory/ntap-20220627-0002 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1978 • CWE-522: Insufficiently Protected Credentials •
CVE-2022-28166
https://notcve.org/view.php?id=CVE-2022-28166
In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. En Brocade SANnav versiones anteriores a SANN2.2.0.2 y Brocade SANNav versiones anteriores a 2.1.1.8, la implementación del servidor TLS/SSL admite el uso de cifrados de clave estática (ssl-static-key-ciphers) en los puertos 443 y 18082 • https://security.netapp.com/advisory/ntap-20220627-0001 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1977 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •