Retrospect Remote Control Panel Un-initilization

1994-10-18T00:00:00
ID OSVDB:3103
Type osvdb
Reporter OSVDB
Modified 1994-10-18T00:00:00

Description

Vulnerability Description

Retrospect Remote Control Panel has a flaw that potentially allows a remote attacker to initialize a system, download every file and de-initialize the system. The flaw is due to the installation of the software not fully configuring the server. Once installed, Remote will wait for the server to download a security code and serial number. If this is not done, it leaves the server open to any remote user who has a copy of the software to perform the same actions not taken by the administrator.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: If the Remote control panel is present and there is no serial number present, drag the Remote control panel out of the Control Panels folder onto the desktop and restart the Macintosh. Also, verify that the password is not easily guessable.

Short Description

Retrospect Remote Control Panel has a flaw that potentially allows a remote attacker to initialize a system, download every file and de-initialize the system. The flaw is due to the installation of the software not fully configuring the server. Once installed, Remote will wait for the server to download a security code and serial number. If this is not done, it leaves the server open to any remote user who has a copy of the software to perform the same actions not taken by the administrator.

References:

Keyword: Apple Macintosh Generic Informational URL: http://docs.info.apple.com/article.html?artnum=16556