CFS-2018-004: Active Directory Password Vulnerability

Issue Date: 2018/11/11
Updated Date: 2018/11/11
Title: Active Directory Password Vulnerability
Classification: High
Status: Closed
Affected Products: All supported versions

Summary

Security Vulnerabilities related to passwords.

Details

Under some rare circumstances, Active Directory (AD) accounts used for logging in as an admin user into the Panzura filer’s WebUI may result in a security vulnerability exposing user passwords in an error log if the login fails. This can happen if the filer is configured to an incorrect AD server or the AD server is unavailable due to network related issues. This issue does not impact users using AD authentication to mount and access files on the Panzura filer.

Resolution

Customers who have configured AD authentication to login to the Panzura web-based management interface are encouraged to upgrade to Panzura CloudFS 7.1.6.1 or above to resolve this security vulnerability.