Vulnerabilities > CVE-2008-3288 - Cryptographic Issues vulnerability in EMC Dantz Retrospect Backup Server 7.5.508

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
emc
CWE-310
nessus

Summary

The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.

Vulnerable Configurations

Part Description Count
Application
Emc
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL familyWindows
NASL idRETROSPECT_SERVER_ESA_08_009.NASL
descriptionAccording to its version number, the Authentication Module in the Retrospect Backup Server installed on the remote host uses a weak hash algorithm to hash a user
last seen2020-06-01
modified2020-06-02
plugin id33562
published2008-07-23
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/33562
titleRetrospect Backup Server Authentication Module Password Hash Weakness (ESA-08-009)