CVE-2025-12679
Plaintext PBE Key Exposure in Brocade SANnav Audit Logs
Publication date: 2026-02-02
Last updated on: 2026-03-03
Assigner: Brocade Communications Systems, LLC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| broadcom | sannav | to 2.4.0b (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Brocade SANnav before version 2.4.0b causes the Password-Based Encryption (PBE) key to be printed in plaintext in the system audit log file during a migration. This means that a remote authenticated attacker who has access to these audit logs could potentially obtain the PBE key. The audit logs are only accessible to privileged users on the server, not to SANnav admins or users.
How can this vulnerability impact me? :
The vulnerability could allow a remote authenticated attacker with access to the audit logs to retrieve the PBE key, potentially compromising encrypted data protected by that key. Since the audit logs are only accessible to privileged server users, the risk is limited to attackers who have such access, but it could lead to unauthorized data access or decryption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the system audit log files on the local server VM for plaintext Password-Based Encryption (PBE) keys. Since the audit logs are accessible only to privileged users on the server, you should review these logs during or after a migration process (as the vulnerability is triggered only during migration). Specific commands depend on the server OS, but generally, you can use commands like 'grep' on Linux to search for PBE keys in audit logs, for example: grep -i 'pbe key' /var/log/audit/audit.log. Note that the logs are local to the server VM and not controlled by SANnav.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the system audit logs to only highly trusted privileged users, especially during migration processes. Since the vulnerability exposes the PBE key in plaintext in audit logs, ensure that audit logs are securely stored and access is tightly controlled. Additionally, avoid performing migrations on systems where unauthorized users might have access to audit logs. Upgrading Brocade SANnav to version 2.4.0b or later, where the vulnerability is fixed, is recommended once available.