CVE-2019-16210

Vulnerability

Brocade SANnav versions before v2.0 log the database connection password in plaintext when a support save is triggered. The password is written into log files that are collected into the support save archive. This issue affects all SANnav builds prior to version 2.0 [1].

Exploitation

An attacker must have authenticated local access to the server where SANnav is installed and must be able to read the support save file. Additionally, the database service must be exposed outside of the server (requiring root-level access to the SANnav host) for the captured password to be usable against the database. The attacker triggers or obtains an existing support save, extracts the plaintext password from the logs, and then uses that credential to connect to the exposed database service [1].

Impact

Successful exploitation allows an authenticated local attacker to obtain the database connection password. The attacker can then use that password to access the database, potentially leading to unauthorized data access, modification, or further compromise of the database and the information it contains. The impact is limited to scenarios where the database service is network-accessible from outside the SANnav server [1].

Mitigation

Brocade has addressed this vulnerability in SANnav version 2.0. Users should update to v2.0 or later. No workarounds are documented beyond upgrading. There is no indication that this CVE is listed in CISA’s Known Exploited Vulnerabilities catalog as of the publication date [1].