Brocade SANnav
cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*
- < 2.4.0a
A vulnerability exists in Brocade SANnav versions prior to 2.4.0a, where passwords and PBE keys are logged in the server's audit logs under certain conditions. This issue affects both standard and OVA deployments of SANnav. The logged information includes security passwords, database passwords, and PBE keys during disaster recovery setups between SANnav servers. These audit logs are only accessible to the server admin of the host server, not to SANnav admins or users.
The vulnerability leads to the cleartext logging of sensitive information, including passwords and cryptographic keys, in audit logs that are accessible only to the host server's admin.
Users can upgrade to Brocade SANnav version 2.4.0a to address this vulnerability.