Insecure sannav access using undocumented Brocade SANnav user "sannav" (no CVE)
|
Brocade Security Advisory ID |
BSA-2024-2576 |
|
Component |
OVA Linux |
|
|
|
Summary
An external researcher made a claim that an undocumented "sannav" user with a default password existed in Brocade SANnav OVA v2.1.1
Brocade Response
The "sannav" user is documented in the Brocade® SANnav™ Management Portal Installation and Migration Guide, 2.1.1x
https://docs.broadcom.com/doc/SANnav-211x-Install-IG
Note: The user "sannav" was removed in Brocade SANnav v2.2.0 and all later versions, and is thus no longer documented in the latest manuals.
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
4/24/2024 |
|
2.0 |
Updated with Brocade response, showing that the "sannav" user was documented in v2.1.1 manuals, and then later removed from SANnav and the manuals starting with v2.2.0 |
4/29/2024 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.