{"status":"success","advisory":{"_id":"683547225b16347a91c39cdf","kb_acknowledgements":null,"kb_affected_list":["NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"],"kb_bad_data":false,"kb_cve":["CVE-2016-6904"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/vasa_cdot/7.1/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/vasa_cdot/7.0P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of this vulnerability may lead to the disclosure of authentication credentials to an unauthenticated attacker.","kb_internal_notes":[{"burt":"1029611","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release, Final status","date":"20171208","version":"1.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2016-6904":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2016-6904","range":"MEDIUM","score":5.9,"vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"kb_status":"Final","kb_summary":"Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.","kb_title":"CVE-2016-6904 Plain Text Authentication vulnerability in VASA Provider for Clustered Data ONTAP","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","NetApp Storage Encryption","OnCommand Insight","OnCommand Workflow Automation","Open Systems SnapVault Agent","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20171208-0002","adv_id":"ntap-20171208-0002","published_date":"2017-12-08T00:00:00","updated_date":"2017-12-08T00:00:00","inserted_date":"2025-05-27T05:01:22.114000","modified_date":null}}