CVE-2017-8013 in Data Protection Advisor
Summary
by MITRE
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).
Analysis
by VulDB Data Team • 01/13/2021
CVE-2017-8013 is a hard-coded credential flaw in EMC Data Protection Advisor (DPA) 6.3.x before patch 67 and 6.4.x before patch 130. Affected builds ship with three undocumented accounts, "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon", each with a fixed password and its own set of privileges. Because none of them appears in the installation or administration documentation, administrators have no reason to know they exist, so the accounts survive routine account reviews and stay usable by anyone who learns the passwords.
The root cause maps to CWE-798, use of hard-coded credentials. The passwords are embedded in the product rather than set at install time, so they are the same on every installation of an affected build and cannot be rotated or disabled through normal administrative procedures. A credential that is identical everywhere and recoverable by anyone who examines the software is effectively public, which is why the vendor patch, not a configuration change, is the only real fix.
The advisory states that the accounts can be used over DPA's REST APIs, which makes the flaw remotely exploitable by anyone who can reach the API endpoint over the network and knows a password; no local access or prior foothold on the host is required. The impact depends on which account is used: MITRE's summary notes that the access potentially includes administrative privileges, so in the worst case an attacker gains full administrative control of the DPA instance together with the configuration, reports and backup-environment data it holds. DPA is a monitoring and reporting product, so the direct impact is on the DPA system and on what it can see; the advisory does not document which operations each account permits, and an organisation assessing exposure should assume administrative reach until the vendor says otherwise.
The mitigation is to apply the vendor patches, 6.3.x patch 67 or 6.4.x patch 130, which remove the hard-coded credential issue, and to verify the patch level on every DPA instance, including legacy or forgotten installations, since an unpatched system cannot have these accounts removed through normal administration. Until a system is patched, restrict network reach to the REST API with segmentation and access controls so that only the hosts that need it can connect, and treat any authentication by one of the three account names from an unexpected source as an incident. In MITRE ATT&CK terms this is Valid Accounts (T1078), specifically its Default Accounts sub-technique, which an adversary uses for Initial Access, Persistence, Privilege Escalation and Defense Evasion rather than for Credential Access; the lesson for defenders is least privilege and proper credential lifecycle management, neither of which a hard-coded vendor account allows. Version-based vulnerability scanning can locate unpatched DPA instances across the estate, and for software an organisation builds itself, secret scanning in the build pipeline catches the same class of defect before it ships.
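As an added example (not part of the VulDB analysis or of the DPA product), the following Python script covers the two triage steps above: it classifies a DPA version and patch number against the affected ranges in the advisory, and it runs a detection over access-log records from a reverse proxy placed in front of the REST API, flagging every request in which one of the three hard-coded account names was presented. The JSON log format, the `/dpa-api/` path prefix, the host addresses and the `known_agent_hosts` allow-list are all constructed for the example; DPA's real log format and API paths are not documented on this page.

```python
import json
from collections import defaultdict

# Account names from the CVE-2017-8013 advisory, lower-cased for matching.
HARDCODED_ACCOUNTS = {"apollo system test", "emc.dpa.agent.logon", "emc.dpa.metrics.logon"}

# Fixed patch levels from the advisory: 6.3.x before patch 67, 6.4.x before patch 130.
FIXED_PATCH = {"6.3": 67, "6.4": 130}

# Fields every record must carry (constructed log format, not a DPA log format).
REQUIRED_FIELDS = ("ts", "src", "user", "method", "path", "status")


def is_affected(version, patch):
    """True if the version/patch pair lies inside the affected range, False if it is
    at or above the fixed patch, None if the release branch is not covered by the
    advisory (so the caller does not mistake 'unknown' for 'safe')."""
    branch = ".".join(version.split(".")[:2])
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return None
    return int(patch) < fixed


def parse_line(line):
    """Parse one JSON access-log record; return None for malformed or incomplete
    lines instead of raising, so one bad line does not stop the sweep."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(rec, dict) or any(k not in rec for k in REQUIRED_FIELDS):
        return None
    return rec


def find_hits(lines, known_agent_hosts=frozenset()):
    """Return every record in which a hard-coded account name was presented to the
    REST API, annotated with whether the source is a known agent host. Every hit is
    worth recording; a hit from an unexpected source is the one to escalate."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if str(rec["user"]).strip().lower() in HARDCODED_ACCOUNTS:
            hit = dict(rec)
            hit["expected_source"] = rec["src"] in known_agent_hosts
            hits.append(hit)
    return hits


def summarize(hits):
    """Count accepted (2xx) and rejected requests per (source, account), so a
    responder can see which hosts actually got in rather than only who tried."""
    summary = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for hit in hits:
        bucket = "accepted" if 200 <= int(hit["status"]) < 300 else "rejected"
        summary[(hit["src"], hit["user"])][bucket] += 1
    return dict(summary)


# Constructed sample log: proxy records in front of a hypothetical /dpa-api/ prefix.
# 10.0.5.21 plays the role of a legitimate DPA agent host; 203.0.113.45 does not.
SAMPLE_LOG = """\
{"ts": "2021-01-13T09:00:01Z", "src": "10.0.5.21", "user": "dpa-agent-01", "method": "GET", "path": "/dpa-api/v1/status", "status": 200}
{"ts": "2021-01-13T09:00:07Z", "src": "10.0.5.21", "user": "emc.dpa.agent.logon", "method": "POST", "path": "/dpa-api/v1/login", "status": 200}
{"ts": "2021-01-13T09:02:40Z", "src": "203.0.113.45", "user": "Apollo System Test", "method": "POST", "path": "/dpa-api/v1/login", "status": 200}
{"ts": "2021-01-13T09:02:41Z", "src": "203.0.113.45", "user": "Apollo System Test", "method": "GET", "path": "/dpa-api/v1/users", "status": 200}
{"ts": "2021-01-13T09:03:02Z", "src": "203.0.113.45", "user": "emc.dpa.metrics.logon", "method": "POST", "path": "/dpa-api/v1/login", "status": 401}
not a json line
{"ts": "2021-01-13T09:04:00Z", "src": "10.0.9.8", "user": "admin", "method": "GET", "path": "/dpa-api/v1/reports", "status": 200}
""".splitlines()


if __name__ == "__main__":
    for ver, patch in (("6.3.2", 66), ("6.4.1", 130), ("6.5.0", 1)):
        print(f"DPA {ver} patch {patch}: affected={is_affected(ver, patch)}")
    hits = find_hits(SAMPLE_LOG, known_agent_hosts={"10.0.5.21"})
    for hit in hits:
        flag = "" if hit["expected_source"] else "  <-- unexpected source"
        print(f'{hit["ts"]} {hit["src"]:>14} {hit["user"]!r:26} {hit["status"]}{flag}')
    for (src, user), counts in summarize(hits).items():
        print(f"{src:>14} {user!r:26} {counts}")
```

Matching on the account name rather than on a password keeps the detector free of the secret itself, and the `expected_source` annotation separates the product's own agent traffic, if any exists under these names, from a stranger using the same credential; on an unpatched system the accounts still work from every source, so only the patch removes the exposure.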