<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Weak Credentials — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/weak-credentials/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 17 Apr 2026 08:16:16 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/weak-credentials/feed.xml" rel="self" type="application/rss+xml"/><item><title>Dell PowerProtect Data Domain Weak Credentials Vulnerability (CVE-2026-23853)</title><link>https://feed.craftedsignal.io/briefs/2026-04-dell-powerprotect-weak-creds/</link><pubDate>Fri, 17 Apr 2026 08:16:16 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-04-dell-powerprotect-weak-creds/</guid><description>Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions 7.7.1.0 through 8.5, 8.3.1.0 through 8.3.1.20, and 7.13.1.0 through 7.13.1.50 contains a use-of-weak-credentials vulnerability (CVE-2026-23853) that can lead to unauthorized access by a local attacker.</description><content:encoded><![CDATA[<p>Dell PowerProtect Data Domain is affected by a vulnerability (CVE-2026-23853) stemming from the use of weak credentials in Data Domain Operating System (DD OS). This issue impacts Feature Release versions 7.7.1.0 through 8.5, LTS2025 release versions 8.3.1.0 through 8.3.1.20, and LTS2024 release versions 7.13.1.0 through 7.13.1.50. An unauthenticated, local attacker could exploit this vulnerability to gain unauthorized access to the system.
Exploitation does not require network access; it relies on the presence of weak default or easily guessable credentials within the affected DD OS versions. This vulnerability poses a significant risk to the confidentiality, integrity, and availability of data stored on the affected systems.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker gains local access to a Dell PowerProtect Data Domain system running a vulnerable DD OS version (7.7.1.0-8.5, 8.3.1.0-8.3.1.20, or 7.13.1.0-7.13.1.50).</li>
<li>The attacker attempts to authenticate using default or weak credentials.</li>
<li>Upon successful authentication with weak credentials, the attacker gains unauthorized access to the DD OS.</li>
<li>The attacker escalates privileges within the DD OS using commands available through the compromised account.</li>
<li>The attacker gains access to sensitive data, including backup configurations, data encryption keys, or stored data backups.</li>
<li>The attacker exfiltrates sensitive data from the Data Domain system to a remote location.</li>
<li>The attacker modifies backup configurations to disrupt or prevent future backups.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-23853 allows an attacker with local access to gain unauthorized access to Dell PowerProtect Data Domain systems. This can lead to the compromise of sensitive data stored within the backups, including customer data, financial records, and intellectual property. The impact ranges from data breaches and financial losses to reputational damage and disruption of business operations. The affected systems are primarily used in enterprise environments, so a successful attack may impact hundreds of organizations.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply the security update provided by Dell as described in DSA-2026-060 to remediate the weak credentials vulnerability detailed in CVE-2026-23853. The advisory URL is available in the references section.</li>
<li>Review and enforce strong password policies for all accounts on Dell PowerProtect Data Domain systems.</li>
<li>Monitor authentication logs for the use of default credentials and failed login attempts on the affected systems.</li>
<li>Restrict local access to Dell PowerProtect Data Domain systems to authorized personnel only.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>cve-2026-23853</category><category>dell</category><category>powerprotect</category><category>data domain</category><category>weak credentials</category></item></channel></rss>