SecurityTracker.com
Category:   Application (Generic)  >   Retrospect
Vendors:   EMC, Retrospect
Retrospect Password Hashing Error Lets Remote Users Access Files on the Target System
SecurityTracker Alert ID:  1033948
SecurityTracker URL:  http://securitytracker.com/id/1033948
CVE Reference:   CVE-2015-2864
Date:  Oct 22 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7 for Windows, 8 for Mac; and after
Description:   A vulnerability was reported in Retrospect. A remote user on the local network can conduct password guessing attacks to obtain files on the target system.

The password hash generating algorithm does not use the full password string when generating an authentication hash. As a result, hash collisions may occur.

A remote user on the local network can trigger a password hash collision and access the backup files on the target system.

Josep Pi Rodriguez and Pedro Guillen Nunez reported this vulnerability.

Impact:   A remote user on the local network can conduct password guessing attacks to access the backup files on the target system.
Solution:   The vendor has issued a fix (10.0.2 for Windows, 12.0.2 for Mac; Client 10.0.2 for Windows, Client 12.0.2 for Mac, Client 10.0.2 for Linux).

The vendor's advisory is available at:

http://www.retrospect.com/support/kb/cve_2015_2864

Vendor URL:  www.retrospect.com/support/kb/cve_2015_2864
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.

