CVE-2022-28170
Description
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Brocade Fabric OS stores server and user passwords in debug statements, allowing local users to extract them from debug files.
Vulnerability
Brocade Fabric OS Web Application services store server and user passwords in debug statements. This affects all versions before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, and v7.4.2j [1].
Exploitation
An attacker with local access to the system can extract passwords from debug files generated by the Web Application services [1].
Impact
Successful exploitation allows the attacker to obtain passwords, potentially compromising confidentiality and leading to unauthorized access to systems or data [1].
Mitigation
Brocade has released fixes in versions v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, v7.4.2j, and v9.1.0b. Users should upgrade to a patched version as soon as possible [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Brocade/Fabric OS Web Application servicesdescription
- Range: <9.1.0, <9.0.1e, <8.2.3c, <7.4.2j
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.