Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
StoneFly recommends that users upgrade to Storage Concentrator version 8.0.4.29 or later to remediate these vulnerabilities.
Workaround
No workaround given by the vendor.
References
History
Tue, 30 Jun 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems. | |
| Title | Use of Hard-coded Credentials in StoneFly Storage Concentrator | |
| Weaknesses | CWE-798 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-06-30T22:54:42.362Z
Reserved: 2026-06-22T20:13:36.505Z
Link: CVE-2026-50110
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T06:45:15Z
Weaknesses