Vigil@nce - EMC Avamar Client for VMware: obtaining root password
November 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who can access to EMC Avamar Client for VMware 6.1,
can obtain the root password of Avamar Server.
Impacted products: Avamar
Severity: 2/4
Creation date: 26/10/2012
Revision date: 29/10/2012
DESCRIPTION OF THE VULNERABILITY
The EMC Avamar Client for VMware v6.1 product uses a "proxy"
virtual machine, in order to save virtualized environments to an
Avamar Server.
However, the root password of Avamar Server is stored in clear
text on the proxy.
An attacker, who can access to EMC Avamar Client for VMware 6.1,
can therefore obtain the root password of Avamar Server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/EMC-Avamar-Client-for-VMware-obtaining-root-password-12097