Lucene search
HistorySep 21, 2015 - 10:59 a.m.
CVE-2015-2864
cve-2015-2864
retrospect
retrospect client
authentication bypass
password hashes
remote attackers
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.3 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.1%
Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.
Affected configurations
Node
retrospectretrospectMatch10.0.2windows
ORretrospectretrospectMatch12.0.2mac
ORretrospectretrospect_clientMatch10.0.2linux
ORretrospectretrospect_clientMatch10.0.2windows
ORretrospectretrospect_clientMatch12.0.2mac
Related
cvelist
cvelist
CVE-2015-2864
2015-09-21 10:00:00
cert
cert
Retrospect Backup Client uses weak password hashing
2015-06-15 00:00:00
nvd
nvd
CVE-2015-2864
2015-09-21 10:59:00
prion
prion
Authentication flaw
2015-09-21 10:59:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.3 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
81.1%
Related for CVE-2015-2864