Vulnerabilities > CVE-2008-3288 - Cryptographic Issues vulnerability in EMC Dantz Retrospect Backup Server 7.5.508

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

emc

CWE-310

nessus

NVD

Published: 2008-07-24

Updated: 2018-10-11

Summary

The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Dantz Retrospect Backup Server 7.5.508	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	Windows
NASL id	RETROSPECT_SERVER_ESA_08_009.NASL
description	According to its version number, the Authentication Module in the Retrospect Backup Server installed on the remote host uses a weak hash algorithm to hash a user
last seen	2020-06-01
modified	2020-06-02
plugin id	33562
published	2008-07-23
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33562
title	Retrospect Backup Server Authentication Module Password Hash Weakness (ESA-08-009)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References