I thought about this yesterday while I was configuring d2 4.7 with docker 😀
Wow, interesting news came from where I didn’t expect it: the ECN guys state that EMC has stopped torturing customers and given up the idea of using RSA Lockbox.
Here’s a little history of the Lockbox story that you might want to read:
Reported to EMC using the support portal, with a proof of concept of how an authenticated user was able to gain superuser privileges:
EMC released Documentum D2 v4.2 and some patches for previous versions; no CVE announced. The EMC “solution” was to encrypt data passed through c6_method_return objects.
EMC released the P01 patch for EMC Documentum D2 v4.2; no CVE announced. The vendor “solution” was not to store exception messages in the “error” attribute of the c6_method_return object if the exception message contains the “DM_TICKET” character sequence.