EMC Data Protection Advisor is data protection management software that unifies and automates monitoring, analysis and reporting across on-premises and cloud backup and recovery environments.
An authentication bypass vulnerability exists in EMC Data Protection Advisor. The application ships with several hidden, hardcoded privileged accounts that have default passwords:
User: Apollo System Test
Those accounts could be used to log on via the REST APIs of the GUI service, which listens on HTTP port 9002/9004. An attacker could send a normal HTTP request with a hidden account's credentials, potentially gaining admin privileges.
To launch such an attack, first encode the credentials in base64 using this format: [user]:[pass].
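A detection check for the logon path described above, added here as an example (not code from the advisory or the vendor): it scans captured HTTP request heads sent to ports 9002/9004 and flags Basic credentials that name a hidden account. It assumes the credential travels in a standard `Authorization: Basic` header; the event tuple layout, host name, paths and passwords are constructed placeholders.

```python
import base64
import binascii
import re

# Account name as given in the advisory (the only one shown on the page).
HIDDEN_ACCOUNTS = {"apollo system test"}
DPA_PORTS = {9002, 9004}  # GUI service ports named in the advisory
AUTH_RE = re.compile(r"^Authorization:\s*Basic\s+(\S+)\s*$", re.I | re.M)


def basic_auth_user(raw_request):
    """Return the username from an HTTP Basic header, or None if absent/invalid."""
    m = AUTH_RE.search(raw_request)
    if not m:
        return None
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed token: not a usable credential
    user, sep, _password = decoded.partition(":")  # password is never kept
    return user if sep else None


def flag_hidden_account_logons(events):
    """events: iterable of (src_ip, dst_port, raw_request). Returns alert dicts."""
    alerts = []
    for src_ip, dst_port, raw in events:
        user = basic_auth_user(raw)
        if dst_port in DPA_PORTS and user and user.strip().lower() in HIDDEN_ACCOUNTS:
            alerts.append({"src": src_ip, "port": dst_port, "user": user})
    return alerts


def _request(path, creds):
    # Helper that builds a constructed request head for the sample data.
    token = base64.b64encode(creds.encode()).decode()
    return f"GET {path} HTTP/1.1\r\nHost: dpa.example.internal\r\nAuthorization: Basic {token}\r\n\r\n"


# Constructed sample traffic; hosts, paths and passwords are placeholders.
SAMPLE_EVENTS = [
    ("10.0.0.5", 9002, _request("/example/path", "alice:placeholder")),
    ("10.0.0.9", 9004, _request("/example/path", "Apollo System Test:placeholder")),
    ("10.0.0.9", 443, _request("/example/path", "Apollo System Test:placeholder")),
    ("10.0.0.7", 9002, "GET /example/path HTTP/1.1\r\nAuthorization: Basic !!notb64\r\n\r\n"),
]

print(flag_hidden_account_logons(SAMPLE_EVENTS))
```

Matching is done on the username only, so the alert fires whether or not the supplied password is the default one.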