PT-2015-5947 · Microsoft+3 · Windows+4
Josep Pi Rodriguez
+1
·
Publicado
2015-09-21
·
Atualizado
2016-12-07
·
CVE-2015-2864
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Retrospect versions prior to 10.0.2.119 on Windows
Retrospect versions prior to 12.0.2.116 on OS X
Retrospect versions prior to 10.0.2.104 on Linux
Retrospect Client versions prior to 10.0.2.119 on Windows
Retrospect Client versions prior to 12.0.2.116 on OS X
Retrospect Client versions prior to 10.0.2.104 on Linux
Description
The issue improperly generates password hashes, making it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.
Recommendations
For Retrospect and Retrospect Client on Windows, update to version 10.0.2.119 or later.
For Retrospect and Retrospect Client on OS X, update to version 12.0.2.116 or later.
For Retrospect and Retrospect Client on Linux, update to version 10.0.2.104 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Linux
Os X
Retrospect
Retrospect Client
Windows