Support Content Notification - Support Portal

BSA-2022-1843

Product/Component

Brocade SANnav

1 more products

Notification Id

21294

Last Updated

04 May 2022

Initial Publication Date

04 May 2022

Status

Closed

Severity

High

CVSS Base Score

7.8 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

WorkAround

N/A

Affected CVE

CVE-2022-28164

Summary

Security Advisory ID : BSA-2022-1843

Component : Password Encryption

Revision : 1.0

Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords.

Affected Products.

Brocade SANnav - Fixed in Brocade SANnav 2.2.0

Product Confirmed Not Vulnerable

No other Brocade Fibre Channel Products from Broadcom products are currently known to be affected by this vulnerability.

Credit
The issue was discovered in penetration testing.

Revision History

Version	Change	Date
1.0	Initial Publication	May 3, 2022