CVE-2020-29501
Description
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell PowerStore prior to 1.0.3.0.5.007 stores passwords in plain text, allowing local attackers to disclose credentials and gain elevated access.
Vulnerability
Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in both PowerStore X and T environments [1]. Passwords are stored in an unencrypted format, making them accessible to an attacker with local authenticated access.
Exploitation
An attacker must have local authenticated access to the PowerStore system. They can exploit the vulnerability by reading the stored credential files, which are stored in plain text. No user interaction is required [1].
Impact
Successful exploitation leads to disclosure of certain user credentials. The attacker can then use the exposed credentials to access the vulnerable application with the privileges of the compromised account, potentially leading to a full system compromise. The CVSS base score is 6.4, reflecting moderate but impactful confidentiality, integrity, and availability impacts [1].
Mitigation
The vulnerability is fixed in Dell EMC PowerStore version 1.0.3.0.5.007 and later [1]. Users should upgrade to this version or later to remediate the issue. No workarounds are available for unpatched systems.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < 1.0.3.0.5.007
- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.dell.com/support/kbdoc/000180775mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.