Dell PowerProtect Data Domain
cpe:2.3:a:dell:powerprotect_data_domain:*:*:*:*:*:*:*
- >= 8.0, <= 8.5
- >= 8.3.1.0, <= 8.3.1.10
A vulnerability exists in Dell PowerProtect Data Domain appliances running Data Domain Operating System (DD OS) versions 8.0 to 8.5, as well as LTS2025 release versions 8.3.1.0 to 8.3.1.10. This vulnerability involves the improper handling of sensitive information in log files. A low-privileged attacker with remote access could exploit this issue, potentially leading to the exposure of credentials. However, any authentication attempts made as the compromised user would require approval from a high-privileged DD user. This vulnerability is only present on systems with retention lock enabled.
Exploitation of this vulnerability could result in the unauthorized exposure of credentials, which could then be used to authenticate as the compromised user, provided the authentication is authorized by a high-privileged DD user.
Users can upgrade to Dell PowerProtect Data Domain DD OS versions 8.6.0.0 or later, or version 8.3.1.20 or later. Instructions for upgrading the Data Domain Operating System are available on the Dell Support website.
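The version ranges above overlap: the fixed LTS2025 release 8.3.1.20 sits numerically inside the affected 8.0 to 8.5 range, so a plain range comparison misclassifies it. The following triage helper is an added example, not Dell tooling or part of the original advisory. It assumes version strings of the form `a.b.c.d` with an optional `-build` suffix, treats every 8.5.x.x release as affected, and uses hypothetical function names and constructed inventory data.

```python
import re

# Bounds taken from the advisory text; everything else is an assumption.
LTS_TRAIN = (8, 3, 1)              # LTS2025 releases are 8.3.1.x
LTS_LAST_AFFECTED = 10             # 8.3.1.10
LTS_FIRST_FIXED = 20               # 8.3.1.20
MAIN_FIRST_AFFECTED = (8, 0)
MAIN_FIRST_FIXED = (8, 6, 0, 0)


def parse_version(text):
    """Parse 'a.b[.c[.d]]' with an optional '-build' suffix into a 4-tuple."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+){1,3})(?:-\d+)?\s*", text)
    if not m:
        raise ValueError(f"unrecognised DD OS version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def assess(version_text, retention_lock_enabled):
    """Classify one appliance against the advisory's version ranges."""
    v = parse_version(version_text)
    if v[:3] == LTS_TRAIN:
        # Check the LTS train first: its fix level overlaps the 8.0-8.5 range.
        if v[3] >= LTS_FIRST_FIXED:
            status = "fixed"
        elif v[3] <= LTS_LAST_AFFECTED:
            status = "affected"
        else:
            status = "not-listed"   # 8.3.1.11-8.3.1.19: advisory is silent
    elif v >= MAIN_FIRST_FIXED:
        status = "fixed"
    elif v[:2] >= MAIN_FIRST_AFFECTED:
        status = "affected"
    else:
        status = "not-listed"       # releases older than 8.0 are not covered
    # The advisory limits the issue to systems with retention lock enabled.
    if status == "affected" and not retention_lock_enabled:
        return "version-affected-lock-off"
    return status


if __name__ == "__main__":
    # Constructed inventory: (hostname, DD OS version, retention lock enabled)
    inventory = [("dd-01", "8.3.1.20", True), ("dd-02", "8.3.1.10", True),
                 ("dd-03", "8.4.0.0-1234567", False), ("dd-04", "8.6.0.0", True)]
    for host, version, lock in inventory:
        print(f"{host:6} {version:18} {assess(version, lock)}")
```

Appliances reported as `version-affected-lock-off` still run an affected release and become exposed if retention lock is enabled later, so they belong in the upgrade queue as well.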