Local cybersecurity firm Digital Defense announced Friday it discovered vulnerabilities in multiple products from Dell EMC, the data storage arm of the Austin-based computer giant.
According to analysts at Gartner, Dell ships more servers than any company and has many clients on its virtual servers.
The Vulnerability Research Team at Digital Defense regularly looks for problems with popular products and services to better advise their clients. Among the flaws discovered was a critical one that could allow bad actors to remotely access specific backup servers without having the user name or password.
"They kind of give you the keys to the kingdom,” Vice President of Engineering Mike Cotton said. “A lot of times, the primary systems are heavily armored, but then when they ship the data to the backup system that can be a repository for a lot of valuable things."
Hackers could circumvent the authentication process by tricking the configuration file. The systems affected were: Avamar Server, NetWorker Virtual Addition and Integrated Data Protection Appliance and Avamar Installation Manager.
Cotton said Dell jumped on the problem right away and patched the flaw.
In a statement, Dell confirmed the flaws have been fixed and its customers were alerted.
According to a Dell EMC spokesman, the company does not have a bug bounty program, a policy of paying ethical hackers who discover security flaws and report them. They do have in-house vulnerability teams analyzing products because technology vulnerabilities are “a fact of life.”
Paul Flahive can be reached at paul@tpr.org or follow him on Twitter @paulflahive
