Sign in / up

back to article Penetration tester pokes six holes in Dell EMC's RecoverPoint products

Infosec outfit Foregenix has uncovered six vulnerabilities in Dell EMC's data protection platform RecoverPoint, three of which have been fixed. Paul Taylor, a senior penetration tester at Foregenix, found five zero-day vulnerabilities in RecoverPoint devices, as well as an insecure configuration option. The flaws, one of …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Robert Helpmann??
    FAIL

    Loser McLoserface

    Hardcoded root password...

    LDAP credentials sent in cleartext...

    Saving the worst for last. These two are so ridiculous, it's like someone lost a drinking contest and the penalty was to put these in the loser's project somehow. Either that, or there was a bet as to how long these would go undiscovered.

    6 0 Reply
  2. Anonymous Coward
    Facepalm

    Foregenix vulnerabilities in RecoverPoint devices

    "Foregenix, found five zero-day vulnerabilities in RecoverPoint devices, as well as an insecure configuration option."

    Why didn't Dells security department pick this up in the testing stage. They do actually have such a security department or do they have a department tasked with inserting such vulnerabilities.

    4 0 Reply
  3. Anonymous Coward
    Anonymous Coward

    I guess the same reason why Canadian Gov CSE certified it after finding nothing wrong, and Northrop Grumman missed them when they released other CVEs earlier this year.

    https://www.cse-cst.gc.ca/en/publication/emc-recoverpointtm-v44

    http://seclists.org/fulldisclosure/2018/Feb/9

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like