Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Hard-coded Credentials in StoneFly Storage Concentrator
Vulnerability Description
Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
StoneFly Storage Concentrator 信任管理问题漏洞
Vulnerability Description
StoneFly storage concentrator是StoneFly公司的一种数据集中存储设备。 Storage Concentrator 8.0.4.26之前版本存在信任管理问题漏洞,该漏洞源于在配置文件中嵌入了硬编码凭据,虽然凭据以编码格式存储,但编码可被逆向为明文,暴露的凭据涵盖数据库账户、许可、复制服务和第三方集成等内部服务,可能导致攻击者未授权访问多个互联系统。
CVSS Information
N/A
Vulnerability Type
N/A