CVE-2022-28164
MEDIUMBrocade SANnav < 2.2.0 - Authenticated Password Decryption via Blowfish Encryption
Title source: llmDescription
Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-1843
Scores
CVSS v3
6.5
EPSS
0.0008
EPSS Percentile
24.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (1)
broadcom/sannav
< 2.2.0
Published
May 06, 2022
Tracked Since
Feb 18, 2026