ESA for Content Server AEK

ESA-2015-013: EMC Documentum Content Server Improper Storage of Sensitive Keys Vulnerability – The root encryption key (the Application Encryption Key, or AEK) on the Content Server is stored on the file system without proper security measures. An authenticated malicious user with access to the local file system could access this encryption key and retrieve sensitive application information. This vulnerability affects all versions of the Content Server prior to v7.2. Documentum Content Server v7.2 uses RSA’s Lockbox technology to protect this (and other) crypto keys on the Content Server.

EMC recommends upgrading to Documentum Content Server v7.2 ASAP.

UPDATE: This ESA was updated to include a best practice: all customers are strongly advised to use dm_crypto_change_passphrase to change the default passphrase that is used to encrypt the AEK.


About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.
