-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability
EMC Identifier: ESA-2017-119 CVE Identifier: CVE-2017-8021 Severity Rating: CVSS Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H) Affected products: * EMC Elastic Cloud Storage all versions prior to 3.1 Summary: EMC Elastic Cloud Storage (ECS) is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. Details: ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. A remote malicious user with the knowledge of the default password could potentially login to compromise the affected system. Resolution: Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers to change the default password at the earliest opportunity. Link to Remedy: Customers are requested to contact Customer Support to help change the default password for this account. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr kPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl VhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR /8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax bkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3 veye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44= =8t9r -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
