Hardcoded Secret at the Heart of the Dell Compellent VMware Vulnerability

In August, Dell disclosed CVE-2023-39250, a vulnerability in which "A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks." The vulnerability actively affects Dell Storage Integration Tools for VMware (DSITV) customers. Read on to learn how to protect yourself from this vulnerability, along with some tips on preventing similar mishaps in your codebases.

How Do I Mitigate This as a Dell Compellent Customer?

Before diving into what happened, if you think you might be affected, we encourage you to start the investigation and mitigation process as soon as possible. According to the report released by Dell, all users of DSITV should follow these workaround and mitigation steps:
