Vulnerabilities > CVE-2008-3288 - Cryptographic Issues vulnerability in EMC Dantz Retrospect Backup Server 7.5.508
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | Windows |
NASL id | RETROSPECT_SERVER_ESA_08_009.NASL |
description | According to its version number, the Authentication Module in the Retrospect Backup Server installed on the remote host uses a weak hash algorithm to hash a user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33562 |
published | 2008-07-23 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33562 |
title | Retrospect Backup Server Authentication Module Password Hash Weakness (ESA-08-009) |
References
- http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639
- http://kb.dantz.com/display/2/articleDirect/index.asp?aid=9692&r=0.5160639
- http://secunia.com/advisories/31186
- http://secunia.com/advisories/31186
- http://securityreason.com/securityalert/4026
- http://securityreason.com/securityalert/4026
- http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
- http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
- http://www.securityfocus.com/archive/1/494636/100/0/threaded
- http://www.securityfocus.com/archive/1/494636/100/0/threaded
- http://www.securityfocus.com/bid/30319
- http://www.securityfocus.com/bid/30319
- http://www.securitytracker.com/id?1020534
- http://www.securitytracker.com/id?1020534
- http://www.vupen.com/english/advisories/2008/2150/references
- http://www.vupen.com/english/advisories/2008/2150/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43935