Brocade SANnav Password-Based Encryption Key Exposure Vulnerability

Vulnerability

Brocade SANnav versions prior to 2.4.0b log the Password-Based Encryption (PBE) key in plaintext in the system audit log. The key is logged only during migration, not during a new installation. The audit logs are accessible solely to privileged users on the server, so a remote authenticated attacker needs access to these logs to exploit the exposure.

Impact

Exposing the PBE key in plaintext could allow unauthorized decryption of sensitive data, potentially leading to further exploitation.

Remediation

Users can upgrade to Brocade SANnav version 3.0 or 2.4.0b to address this vulnerability.

Added: Feb 2, 2026, 11:59 PM
Updated: Feb 2, 2026, 11:59 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 2.3
remediation: 7.7
relevance: 2.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.