CVE-2020-7196
MEDIUMHPE BlueData EPIC < 4.0 & Ezmeral Container Platform 5.0 - Exposed kdc_admin_password
Title source: llmDescription
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04049en_us
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
36.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
CWE-200
Status
published
Products (2)
hp/bluedata_epic
< 4.0
hp/ezmeral_container_platform
5.0
Published
Oct 26, 2020
Tracked Since
Feb 18, 2026