CVE-2020-7196

MEDIUM

HPE BlueData EPIC < 4.0 & Ezmeral Container Platform 5.0 - Exposed kdc_admin_password

Title source: llm
STIX 2.1

Description

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0085
EPSS Percentile 53.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-522
Status published
Products (2)
hp/bluedata_epic < 4.0
hp/ezmeral_container_platform 5.0
Published Oct 26, 2020
Tracked Since Feb 18, 2026