1. Knowledge Base
  2. Security Advisories

CFS-2018-004: Active Directory Password Vulnerability

Issue Date: 2018/11/11
Updated Date: 2018/11/11
Title: Active Directory Password Vulnerability
Classification: High
Status: Closed
Affected Products: All supported versions

Summary

Security Vulnerabilities related to passwords.

Details

Under some rare circumstances, Active Directory (AD) accounts used for logging in as an admin user into the Panzura CloudFS WebUI may result in a security vulnerability exposing user passwords in an error log if the login fails. This can happen if the node is configured to an incorrect AD server or the AD server is unavailable due to network related issues. This issue does not impact users using AD authentication to mount and access files on the Panzura node.

Resolution

Resolved in Panzura CloudFS 7.1.6.1, and all later versions.