Vulnerabilities > CVE-2015-2864 - Credentials Management vulnerability in Retrospect and Retrospect Client

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

retrospect

CWE-255

NVD

Published: 2015-09-21

Updated: 2024-11-21

Summary

Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to bypass authentication and obtain access to backup files by leveraging a collision.

Vulnerable Configurations

Part	Description	Count
Application	Retrospect Retrospect Retrospect Client 12.0.2 Retrospect Retrospect Client 10.0.2 Retrospect Retrospect 10.0.2 Retrospect Retrospect 12.0.2	5

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://www.kb.cert.org/vuls/id/101500
http://www.kb.cert.org/vuls/id/101500
http://www.retrospect.com/support/kb/cve_2015_2864
http://www.retrospect.com/support/kb/cve_2015_2864
http://www.securityfocus.com/bid/75201
http://www.securityfocus.com/bid/75201
http://www.securitytracker.com/id/1033948
http://www.securitytracker.com/id/1033948
https://www.youtube.com/watch?v=MB8AL5u7JCA
https://www.youtube.com/watch?v=MB8AL5u7JCA