Volerion logoVolerion
Volerion logoVolerion

Brocade SANnav Password Logging Vulnerability in Support Save Logs

Vulnerability

A vulnerability exists in Brocade SANnav versions prior to 2.4.0b, where the admin password for Brocade Fabric OS Switches is logged in clear text within the SANnav support save logs. This issue is exacerbated when an Out of Memory (OOM) condition occurs on the SANnav server, as the heap dump file generated during this event includes the password in plain text. This vulnerability could allow a remote authenticated attacker with admin privileges to access the SANnav logs or the support save files and retrieve the switch admin password.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the Brocade Fabric OS Switch admin password, potentially allowing for elevated privileges or unauthorized actions within the switch management interface.

Remediation

Users can upgrade to Brocade SANnav versions 3.0 or 2.4.0b to address this vulnerability.

Added: Feb 2, 2026, 11:59 PM
Updated: Feb 2, 2026, 11:59 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
2.5
exploitability
4.4
remediation
7.7
relevance
2.4
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.