Primary

Context

Brocade SANnav Clear Text Database Password Logging Vulnerability After Disaster Recovery Failover

Vulnerability

Patched

A vulnerability exists in Brocade SANnav versions prior to 2.4.0b, where database passwords are logged in clear text on the standby SANnav server following a disaster recovery failover. This issue could enable a remote authenticated attacker with admin privileges to access SANnav logs or the supportsave feature to retrieve the database password.

Impact

Exploitation of this vulnerability could lead to unauthorized access to database passwords, potentially allowing for further exploitation of the SANnav server or its components.

Remediation

Users can upgrade to Brocade SANnav versions 3.0 or 2.4.0b to address this vulnerability.

Added: Feb 2, 2026, 11:59 PM

Updated: Feb 2, 2026, 11:59 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.0

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

4.0

remediation

7.7

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Brocade SANnav Clear Text Database Password Logging Vulnerability After Disaster Recovery Failover

Vulnerability

Impact

Remediation

Affected Products

Brocade SANnav

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating