Dell PowerScale OneFS NDMP Weak Password Encoding CVE-2022-45099
CVE-2022-45099 Published on February 1, 2023
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise
Vulnerability Analysis
CVE-2022-45099 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Weak Encoding for Password
Obscuring a password with a trivial encoding does not protect the password. Password management issues occur when a password is stored in plaintext in an application's properties or configuration file. A programmer can attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password.
Products Associated with CVE-2022-45099
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-45099 are published in these products:
Affected Versions
Dell PowerScale OneFS:- Version 8.2.x, <= 9.4.x is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.