ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability

[EMC Product Security Response Center <Security_Alert () emc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-119: EMC Elastic Cloud Storage Undocumented Account Vulnerability

EMC Identifier: ESA-2017-119
CVE Identifier: CVE-2017-8021
Severity Rating: CVSS Base Score: 9.4 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H)

Affected products: 
*       EMC Elastic Cloud Storage all versions prior to 3.1

Summary:  
EMC Elastic Cloud Storage (ECS) is affected by an undocumented account vulnerability that could potentially be 
leveraged by malicious users to compromise the affected system.

Details:  
ECS versions prior to 3.1 contain an undocumented account (emcservice) that is protected with a default password. This 
user account is intended for use by customer support representatives to troubleshoot ECS configuration issues. A remote 
malicious user with the knowledge of the default password could potentially login to compromise the affected system. 

Resolution:  
Information about this account has been added to the ECS 3.1 Security Configuration Guide. EMC recommends all customers 
to change the default password at the earliest opportunity.

Link to Remedy:
Customers are requested to contact Customer Support to help change the default password for this account.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZypJ7AAoJEHbcu+fsE81Zox4H/R/y4X7VOWaM7dH/tZHcwdvr
kPZ+2OF/qGqArBpOQxO3l8tZp986Ru2BOz+VSZeh/4ZUl91o2SyNv5WdB3tT6bIl
VhWm9NtrCU60m5m2LAGvDnaycqjC+oDQOYJ0uD6bgYu5VGNPySaQ1Nd7yGucQ+nR
/8yxLWomiUmXJkW/7xeEBZ9sNugL9RdKBq30B4K9FPKtYQ8wcf7PF5rv8JHVqGax
bkbtJOjnYHeC+LUFtcJ9CPpC8MUQ2ua70LBSDeunPsOZdwjDLm8KhYZ75v0hCEi3
veye1eNG2/NRLFf25hMmNh7rh/nT2p4jsSAU6qYu11lQKPH36Iq6N9DXCSC/l44=
=8t9r
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/