EMC Data Protection Advisor authentication bypass vulnerability

January 2, 2018

EMC Data Protection Advisor is data protection management software that unifies and automates monitoring, analysis and reporting across on-premises and cloud backup and recovery environments.

An authentication bypass vulnerability exists in EMC Data Protection Advisor. The application ships with several hidden, hardcoded privileged accounts that have default passwords:


User: Apollo System Test
Pass: [hidden]

User: emc.dpa.agent.logon
Pass: [hidden]

User: emc.dpa.metrics.logon
Pass: [hidden]


These accounts can be used to log on through the REST APIs of the GUI service, which listens on HTTP port 9002/9004. An attacker could send a normal HTTP request carrying the credentials of a hidden account, potentially gaining admin privileges.

To launch such an attack, first encode the credentials with base64 in this format: [user]:[pass].

Then send an HTTP request with the credentials in the HTTP header:

We recommend that all administrators update EMC Data Protection Advisor with the latest patch as soon as possible. The SonicWall Capture Labs Threat Research team has developed the following signatures to identify and stop the attacks:

  • IPS 13192: EMC Data Protection Advisor Authentication Bypass 1
  • IPS 13193: EMC Data Protection Advisor Authentication Bypass 2
  • IPS 13194: EMC Data Protection Advisor Authentication Bypass 3
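
Where the IPS signatures are not deployed, the same pattern can be hunted in captured requests or proxy logs. The following is an added example, not SonicWall's or EMC's code: it assumes the base64 credentials travel in a standard HTTP Basic `Authorization` header, and the sample requests, host name and path are constructed placeholders.

```python
import base64
import binascii
import re

# Usernames of the hidden accounts listed in the advisory (no passwords needed).
HIDDEN_USERS = {"apollo system test", "emc.dpa.agent.logon", "emc.dpa.metrics.logon"}
DPA_PORTS = {9002, 9004}  # GUI service ports named in the advisory
# Assumption: credentials are sent as "Authorization: Basic <base64(user:pass)>".
AUTH_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$", re.I | re.M)

def basic_auth_user(raw_request):
    """Return the username from a Basic Authorization header, or None."""
    m = AUTH_RE.search(raw_request)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None  # malformed base64 cannot carry a usable credential
    user, sep, _password = decoded.partition(":")
    return user if sep else None

def is_suspicious(dst_port, raw_request):
    """Flag requests to the DPA ports that authenticate as a hidden account."""
    user = basic_auth_user(raw_request)
    return (dst_port in DPA_PORTS and user is not None
            and user.strip().lower() in HIDDEN_USERS)

def _req(user, password):
    # Constructed sample request; path and host are placeholders.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return ("GET /placeholder-path HTTP/1.1\r\nHost: dpa.example\r\n"
            f"Authorization: Basic {token}\r\n\r\n")

SAMPLES = [  # (destination port, raw request), all constructed
    (9002, _req("emc.dpa.agent.logon", "placeholder")),
    (9004, _req("Apollo System Test", "placeholder")),
    (9002, _req("alice", "placeholder")),                   # ordinary user
    (9002, "GET /placeholder-path HTTP/1.1\r\nHost: dpa.example\r\n\r\n"),
    (8080, _req("emc.dpa.metrics.logon", "placeholder")),   # not a DPA port
]

def scan(samples):
    return [is_suspicious(port, req) for port, req in samples]

if __name__ == "__main__":
    for (port, req), hit in zip(SAMPLES, scan(SAMPLES)):
        print(port, basic_auth_user(req), "ALERT" if hit else "ok")
```

The match is on the username alone, so it fires whether or not the default password has been changed, which also makes it useful for confirming after patching that nothing still logs on with these accounts.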