Penetration tester pokes six holes in Dell EMC's RecoverPoint products

Infosec outfit Foregenix has uncovered six vulnerabilities in Dell EMC's data protection platform RecoverPoint, three of which have been fixed. Paul Taylor, a senior penetration tester at Foregenix, found five zero-day vulnerabilities in RecoverPoint devices, as well as an insecure configuration option. The flaws, one of …

  1. Robert Helpmann?? Silver badge
    FAIL

    Loser McLoserface

    Hardcoded root password...

    LDAP credentials sent in cleartext...

    Saving the worst for last. These two are so ridiculous, it's like someone lost a drinking contest and the penalty was to put these in the loser's project somehow. Either that, or there was a bet as to how long these would go undiscovered.

  2. Walter Bishop Silver badge
    Facepalm

    Foregenix vulnerabilities in RecoverPoint devices

    "Foregenix, found five zero-day vulnerabilities in RecoverPoint devices, as well as an insecure configuration option."

    Why didn't Dell's security department pick this up in the testing stage? They do actually have such a security department, or do they have a department tasked with inserting such vulnerabilities?

  3. Anonymous Coward
    Anonymous Coward

    I guess the same reason why Canadian Gov CSE certified it after finding nothing wrong, and Northrop Grumman missed them when they released other CVEs earlier this year.

    https://www.cse-cst.gc.ca/en/publication/emc-recoverpointtm-v44

    http://seclists.org/fulldisclosure/2018/Feb/9


Biting the hand that feeds IT © 1998–2019