CVE-2022-34445Weak Encoding for Password in Dell Powerscale Onefs

CWE-261Weak Encoding for PasswordCWE-522Insufficiently Protected CredentialsCWE-326Inadequate Encryption Strength3 documents3 sources
Severity
4.4MEDIUMNVD
CNA6.0
EPSS
0.0%
top 86.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Powerscale Onefs
Timeline
PublishedFeb 11

Description

Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5dell/powerscale_onefs8.2.x9.3.x
NVDdell/powerscale_onefs9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-q557-c2gh-wm95: Dell PowerScale OneFS, versions 82023-02-11
CVEList
CVE-2022-34445: Dell PowerScale OneFS, versions 82023-02-10
CVE-2022-34445 — Weak Encoding for Password in Dell | cvebase