EMC Data Protection Advisor authentication bypass vulnerability


EMC Data Protection Advisor is data protection management software that unifies and automates monitoring, analysis and reporting across on-premises and cloud backup and recovery environments.

An authentication bypass vulnerability exists in EMC Data Protection Advisor. The application ships with several hidden, hardcoded privileged accounts that have default passwords:

 

User: Apollo System Test
Pass: [hidden]

User: emc.dpa.agent.logon
Pass: [hidden]

User: emc.dpa.metrics.logon
Pass: [hidden]

 

These accounts can be used to log on through the REST APIs of the GUI service, which listens on HTTP ports 9002/9004. An attacker could send normal HTTP requests carrying the hidden accounts' credentials and potentially gain admin privileges.

To launch such an attack, first encode the credential with base64 in this format: [user]:[pass].

Then send an HTTP request with the credentials in the HTTP header:

We recommend that all administrators update EMC Data Protection Advisor with the latest patch as soon as possible. The SonicWall Capture Labs Threat Research team has developed the following signatures to identify and stop the attacks:

  • IPS 13192: EMC Data Protection Advisor Authentication Bypass 1
  • IPS 13193: EMC Data Protection Advisor Authentication Bypass 2
  • IPS 13194: EMC Data Protection Advisor Authentication Bypass 3
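
A log-side check to complement the signatures above, as an added example rather than SonicWall's or EMC's code: it decodes the Basic credential from request records and flags any use of the three account names listed in this advisory on ports 9002/9004. It assumes the credential travels in the standard `Authorization: Basic` header; the record fields (`src_ip`, `dst_port`, `authorization`), the helper names and the sample data are constructed for illustration.

```python
import base64
import binascii

# Account names listed in the advisory; passwords are not needed for detection.
# Matching is case-insensitive here as a conservative choice (assumption).
HIDDEN_ACCOUNTS = {"apollo system test", "emc.dpa.agent.logon", "emc.dpa.metrics.logon"}
DPA_PORTS = {9002, 9004}


def basic_auth_user(header_value):
    """Return the username from an 'Authorization: Basic ...' value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None  # malformed base64: no usable credential
    user, sep, _ = decoded.partition(":")  # split on first ':'; password may contain ':'
    return user if sep else None


def flag_requests(requests):
    """Yield (src_ip, dst_port, user) for DPA-port requests that use a hidden account."""
    for req in requests:
        if req["dst_port"] not in DPA_PORTS:
            continue
        user = basic_auth_user(req.get("authorization", ""))
        if user and user.strip().lower() in HIDDEN_ACCOUNTS:
            yield req["src_ip"], req["dst_port"], user


def make_basic(user, password):
    """Build a Basic header value for the constructed sample records below."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample records (documentation IP ranges, placeholder passwords).
SAMPLE = [
    {"src_ip": "192.0.2.10", "dst_port": 9002, "authorization": make_basic("administrator", "placeholder")},
    {"src_ip": "198.51.100.7", "dst_port": 9004, "authorization": make_basic("Apollo System Test", "placeholder")},
    {"src_ip": "198.51.100.7", "dst_port": 9002, "authorization": make_basic("emc.dpa.agent.logon", "a:b")},
    {"src_ip": "203.0.113.5", "dst_port": 443, "authorization": make_basic("emc.dpa.metrics.logon", "placeholder")},
    {"src_ip": "203.0.113.5", "dst_port": 9002, "authorization": "Basic !!not-base64!!"},
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print("ALERT hidden-account logon attempt:", hit)
```

On a patched system these account names should never appear in a logon, so any hit is worth investigating regardless of whether the request succeeded.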