PT-2015-5947 · Microsoft+3 · Windows+4
Josep Pi Rodriguez
+1
·
Published
2015-09-21
·
Updated
2016-12-07
·
CVE-2015-2864
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Retrospect versions prior to 10.0.2.119 on Windows
Retrospect versions prior to 12.0.2.116 on OS X
Retrospect versions prior to 10.0.2.104 on Linux
Retrospect Client versions prior to 10.0.2.119 on Windows
Retrospect Client versions prior to 12.0.2.116 on OS X
Retrospect Client versions prior to 10.0.2.104 on Linux
Description
The issue improperly generates password hashes, making it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.
Recommendations
For Retrospect and Retrospect Client on Windows, update to version 10.0.2.119 or later.
For Retrospect and Retrospect Client on OS X, update to version 12.0.2.116 or later.
For Retrospect and Retrospect Client on Linux, update to version 10.0.2.104 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux
Os X
Retrospect
Retrospect Client
Windows