PT-2022-23510 · Unknown · Arq Backup
Sam Haskins · Published 2022-09-09 · Updated 2022-09-14 · CVE-2022-36617
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Arq Backup versions 7.19.5.0 and below
Description
The issue allows attackers with administrative privileges to recover cleartext passwords because Arq Backup stores backup encryption passwords using reversible encryption.
Recommendations
For Arq Backup versions 7.19.5.0 and below, consider changing the backup encryption passwords and storing them securely to prevent potential exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
Arq Backup