CVE-2015-0514

EMC Watch4Net < 6.5 and ViPR SRM < 3.6.0 - Unauthorized Exposure of Sensitive Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-0514. PoCs published by Han Sahin.

AI-analyzed exploit summary This exploit demonstrates the decryption of EMC M&R (Watch4net) credentials stored with a hardcoded password. The provided Java code uses the `Utils.process()` method to decrypt credentials, highlighting the insecure cryptographic implementation.

Description

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.

Exploits (1)

exploitdb WORKING POC

by Han Sahin · textwebappsjava

https://www.exploit-db.com/exploits/36436

View Code ZIP pw:eip

This exploit demonstrates the decryption of EMC M&R (Watch4net) credentials stored with a hardcoded password. The provided Java code uses the `Utils.process()` method to decrypt credentials, highlighting the insecure cryptographic implementation.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EMC M&R (Watch4Net) versions prior to 6.5u1, EMC ViPR SRM versions prior to 3.6.1

No auth needed

Prerequisites: Access to encrypted credentials stored by EMC M&R (Watch4net)

MITRE ATT&CK