PT-2014-6030 · Emc · Emc Avamar
Published
2014-10-25
·
Updated
2017-08-29
·
CVE-2014-4623
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
EMC Avamar versions 6.0.x through 7.0.x
Description
The issue allows context-dependent attackers to obtain cleartext passwords via a brute-force attack because UNIX DES crypt is used for password hashing when Password Hardening before version 2.0.0.4 is enabled.
Recommendations
For versions 6.0.x through 7.0.x, update Password Hardening to version 2.0.0.4 or later to address the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Emc Avamar