Lucene search

[email protected]NVD:CVE-2014-4623

HistoryOct 25, 2014 - 10:55 a.m.

CVE-2014-4623

2014-10-2510:55:06

CWE-310

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.5%

JSON

EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.

Affected configurations

NVD

Node

emcavamarMatch6.0.1

emcavamarMatch6.0.2

emcavamarMatch6.0.3

emcavamarMatch6.1

emcavamarMatch6.1.101-87

emcavamarMatch7.0

emcavamarMatch7.0sp1

References

archives.neohapsis.com/archives/bugtraq/2014-10/0146.html

packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html

www.securityfocus.com/bid/70732

www.securitytracker.com/id/1031117

exchange.xforce.ibmcloud.com/vulnerabilities/97757

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.5%

JSON

Related for NVD:CVE-2014-4623

cve1 securityvulns2 prion1 cvelist1