Security News

EMC Data Protection Advisor authentication bypass vulnerability

By

The EMC Data Protection Advisor is a data protection management software to unify and automate monitoring, analysis and reporting across on-premises and cloud backup and recovery environments.

An authentication bypass vulnerability exists in EMC Data Protection Advisor. The application has integrated several hidden, hardcoded accounts with privileges, with default passwords:

 

User: Apollo System Test
Pass: [hidden]

User: emc.dpa.agent.logon
Pass: [hidden]

User: emc.dpa.metrics.logon
Pass: [hidden]

 

Those accounts could be used for logon via REST APIs on the GUI service listened on HTTP port 9002/9004. An attacker could send a normal HTTP requests, with the hidden accounts credentials, gaining potential admin privileges.

To launch such an attack, first encode the credential with base64 in this format: [user]:[pass].

Then send a HTTP request with the credentials in the HTTP header:

We recommand all administrators to update the EMC Data Protection Advisor with the latest patch asap. SonicWall Capture Labs Threat Research team has developed the following signature to identify and stop the attacks:

  • IPS 13192: EMC Data Protection Advisor Authentication Bypass 1
  • IPS 13193: EMC Data Protection Advisor Authentication Bypass 2
  • IPS 13194: EMC Data Protection Advisor Authentication Bypass 3
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Malicious Cyber activity roundup: The Thanksgiving week 2018 edition
Antidetect.B malware found with valid digital certificate (Jun 8,2016)
MS IIS WebDAV Information Disclosure (May 28, 2009)
Static Analysis of Malicious PDFs
Microsoft out-of-band Bulletin MS11-100 (Dec 30, 2011)
RanserKD ransomware uses Imgur to store infection data (Sept 2nd, 2016)
FakeXvid.A - Increase in drive-by infections (May 20, 2011)
Upatre.SMJ a Malware Hides in encrypted PNG Image