CVE-2021-32522
QSAN Storage Manager, XEVO, SANOS - Improper Restriction of Excessive Authentication Attempts
In short
The QSAN storage systems don't properly limit login attempts, allowing attackers to guess passwords through repeated attempts. This can lead to unauthorized access to critical storage systems.
Technical detail
This is a CWE-307 vulnerability in the authentication mechanisms of QSAN Storage Manager, XEVO, and SANOS. Because there is no rate limiting or account lockout, remote attackers can make unlimited login attempts and enumerate valid credentials by brute force, potentially compromising data confidentiality and integrity.
Summary generated and translated by AI from the official description.
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager, XEVO, SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. It is suggested to contact QSAN and refer to the recommendations in the QSAN document.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
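Where the product itself does not throttle or lock out, excessive failed logins can still be flagged from authentication logs. The sliding-window detector below is an added example, not QSAN code or part of the official advisory; the log layout, the 60-second window, the threshold of 5, and the names `build_sample` and `detect` are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed sliding window
MAX_FAILURES = 5                 # assumed failures tolerated per window

def build_sample():
    """Constructed events: 'timestamp result user source' (hypothetical layout)."""
    t0 = datetime(2021, 7, 1, 10, 0, 0)
    rows = []
    for i in range(8):   # one source hammering one account
        rows.append((t0 + timedelta(seconds=5 * i), "FAIL", "admin", "203.0.113.7"))
    for i in range(6):   # one account guessed from several sources
        rows.append((t0 + timedelta(seconds=10 * i), "FAIL", "backup", f"198.51.100.{i + 1}"))
    rows.append((t0 + timedelta(seconds=3), "FAIL", "alice", "192.0.2.10"))  # typo
    rows.append((t0 + timedelta(seconds=9), "OK", "alice", "192.0.2.10"))
    return "\n".join(f"{ts.isoformat()} {r} {u} {s}" for ts, r, u, s in sorted(rows))

def detect(log_text, window=WINDOW, max_failures=MAX_FAILURES):
    """Return sorted (kind, key) pairs whose failures exceeded the threshold."""
    recent = defaultdict(deque)   # (kind, key) -> timestamps of recent failures
    alerts = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, result, user, source = line.split()
        if result != "FAIL":
            continue
        ts = datetime.fromisoformat(ts_text)
        # Count per account and per source, so guessing spread across many
        # addresses is caught as well as one address trying many passwords.
        for key in (("account", user), ("source", source)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) > max_failures:
                alerts.add(key)
    return sorted(alerts)

if __name__ == "__main__":
    for kind, key in detect(build_sample()):
        print(f"excessive failed logins: {kind}={key}")
```

Counting per account as well as per source matters here because a per-source limit alone does not register guessing against one account from many addresses.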